Siemens Ruggedcom Rox

Plan PatchCVSS 9.1ICS-CERT ICSA-26-134-12May 12, 2026

Siemens

Attack path

Attack VectorNetwork

Auth RequiredHigh

ComplexityLow

User InteractionNone needed

Summary

Ruggedcom Rox devices contain an input validation flaw in the Scheduler functionality that allows an authenticated administrator to execute arbitrary OS commands with root privileges. The vulnerability affects RUGGEDCOM ROX MX5000, MX5000RE, RX1400, RX1500, RX1501, RX1510, RX1511, RX1512, RX1524, RX1536, and RX5000 models running firmware versions before 2.17.1.

What this means

What could happen

An authenticated attacker with administrative access could execute arbitrary commands with root privileges on Ruggedcom Rox devices, potentially shutting down network services, altering configurations, or disrupting communications across your industrial network.

Who's at risk

Operators of Siemens Ruggedcom Rox industrial network management devices. These are industrial-grade Ethernet switches and routers used in power generation, oil/gas, water utilities, and manufacturing to provide secure, redundant communication networks. If you use Ruggedcom Rox devices for critical network connectivity (such as control system data or SCADA communications), they are affected.

How it could be exploited

An attacker with valid administrative credentials accesses the Ruggedcom Rox web interface or management console and submits a malicious command through the Scheduler functionality. The input validation flaw allows the attacker to inject OS commands that execute with root privileges, giving full control of the device.

Prerequisites

Valid administrative credentials for the Ruggedcom Rox device
Network access to the device management interface (web or administrative port)
Access to the Scheduler functionality in the management UI

remotely exploitablehigh CVSS score (9.1)affects network infrastructure used in critical processes

Exploitability

Unlikely to be exploited — EPSS score 0.2%

Affected products (11)

11 with fix

ProductAffected VersionsFix Status

RUGGEDCOM ROX MX5000< 2.17.12.17.1

RUGGEDCOM ROX MX5000RE< 2.17.12.17.1

RUGGEDCOM ROX RX1400< 2.17.12.17.1

RUGGEDCOM ROX RX1500< 2.17.12.17.1

RUGGEDCOM ROX RX1501< 2.17.12.17.1

RUGGEDCOM ROX RX1510< 2.17.12.17.1

RUGGEDCOM ROX RX1511< 2.17.12.17.1

RUGGEDCOM ROX RX1512< 2.17.12.17.1

Remediation & Mitigation

0/3

Do now

0/2

HARDENINGRestrict administrative access to Ruggedcom Rox devices to authorized engineering workstations only using network access control lists or firewall rules

HARDENINGChange default administrative credentials on all Ruggedcom Rox devices if they have not been changed from factory settings

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate all RUGGEDCOM ROX devices (MX5000, MX5000RE, RX1400, RX1500, RX1501, RX1510, RX1511, RX1512, RX1524, RX1536, RX5000) to firmware version 2.17.1 or later

CVEs (1)

CVE-2025-40949

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/0ce9f0fd-35e5-4914-bd6a-f0d8399db69d

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.