Siemens Ruggedcom Rox

Plan PatchCVSS 7.5ICS-CERT ICSA-26-134-11May 12, 2026

Siemens

Attack path

Attack VectorNetwork

Auth RequiredLow

ComplexityHigh

User InteractionNone needed

Summary

RUGGEDCOM ROX devices (MX5000, RX series) contain an input validation vulnerability in the feature key installation process that allows authenticated remote attackers to execute arbitrary commands with root privileges on the underlying operating system.

What this means

What could happen

An attacker with valid credentials could remotely execute commands on your RUGGEDCOM ROX devices, potentially allowing them to modify network configurations, access or alter industrial process data, or disrupt network operations.

Who's at risk

Water utilities and electrical utilities operating RUGGEDCOM ROX industrial-grade managed switches for network infrastructure. The MX5000 and RX series switches are commonly used in substation automation and remote terminal unit environments to provide secure, ruggedized connectivity for critical control devices.

How it could be exploited

An attacker with valid credentials accesses the RUGGEDCOM ROX device remotely and submits a malicious feature key during the key installation process. The device does not properly validate the input, allowing the attacker to inject arbitrary commands that execute with root privileges.

Prerequisites

Valid credentials for the RUGGEDCOM ROX device
Network access to the device management interface
Device running RUGGEDCOM ROX firmware version earlier than 2.17.1

remotely exploitablerequires valid credentialsaffects network infrastructure devices with access to control systemshigh CVSS score (7.5)

Exploitability

Unlikely to be exploited — EPSS score 0.3%

Affected products (11)

11 with fix

ProductAffected VersionsFix Status

RUGGEDCOM ROX MX5000< 2.17.12.17.1

RUGGEDCOM ROX MX5000RE< 2.17.12.17.1

RUGGEDCOM ROX RX1400< 2.17.12.17.1

RUGGEDCOM ROX RX1500< 2.17.12.17.1

RUGGEDCOM ROX RX1501< 2.17.12.17.1

RUGGEDCOM ROX RX1510< 2.17.12.17.1

RUGGEDCOM ROX RX1511< 2.17.12.17.1

RUGGEDCOM ROX RX1512< 2.17.12.17.1

Remediation & Mitigation

0/1

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate all RUGGEDCOM ROX devices (MX5000, MX5000RE, RX1400, RX1500, RX1501, RX1510, RX1511, RX1512, RX1524, RX1536, RX5000) to firmware version 2.17.1 or later

CVEs (1)

CVE-2025-40947

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/767149b9-85ea-406a-a973-2e79c2b466e9

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.