Siemens RUGGEDCOM ROX II
Plan Patch | CVSS 8.8 | ICS-CERT ICSA-26-015-11 | Dec 9, 2025
Siemens
Attack path
Attack Vector: Network
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary
Siemens RUGGEDCOM ROX II industrial network devices contain multiple high-severity vulnerabilities involving command injection and template injection (CWE-74, CWE-77) that allow low-privileged authenticated users to execute arbitrary code and gain full control of affected devices. The vulnerability chain enables attackers to modify configurations, intercept communications, or disable network services on these managed industrial switches and routers used in critical infrastructure networks.
What this means
What could happen
An attacker with low-level access to a RUGGEDCOM ROX device could execute arbitrary code and compromise process integrity, potentially causing unplanned downtime or disruption to network operations across your critical infrastructure.
Who's at risk
Water authorities and utilities running Siemens RUGGEDCOM ROX II managed industrial switches and routers (MX5000, RX1400, RX1500, RX1510, RX1511, RX1512, RX1524, RX1536, RX5000 models) in network infrastructure connecting control systems to remote sites or upstream networks.
How it could be exploited
An attacker with user-level credentials or low-privilege network access can inject malicious code through command injection or template injection vulnerabilities (CWE-74, CWE-77) to achieve remote code execution on the device. Once code execution is gained, the attacker can modify device configuration, intercept traffic, or disable network services.
Prerequisites
- Low-privilege user account credentials or network access to the device's management interface
- Access to network segments where RUGGEDCOM ROX devices are deployed
- remotely exploitable
- low complexity
- low authentication required
- high CVSS score (8.8)
- affects network infrastructure supporting control system operations
Exploitability
Unlikely to be exploited — EPSS score 0.0%
Affected products (12)
12 with fix
| Product | Affected Versions | Fix Status |
|---|---|---|
| RUGGEDCOM ROX MX5000 | < 2.17.0 | 2.17.0 |
| RUGGEDCOM ROX MX5000RE | < 2.17.0 | 2.17.0 |
| RUGGEDCOM ROX RX1400 | < 2.17.0 | 2.17.0 |
| RUGGEDCOM ROX RX1500 | < 2.17.0 | 2.17.0 |
| RUGGEDCOM ROX RX1501 | < 2.17.0 | 2.17.0 |
| RUGGEDCOM ROX RX1510 | < 2.17.0 | 2.17.0 |
| RUGGEDCOM ROX RX1511 | < 2.17.0 | 2.17.0 |
| RUGGEDCOM ROX RX1512 | < 2.17.0 | 2.17.0 |
Remediation & Mitigation
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
RUGGEDCOM ROX II family
HOTFIX: Update all RUGGEDCOM ROX II family devices to firmware version 2.17.0 or later