Authentication Bypass Vulnerability in BIST mode of RUGGEDCOM ROX II
Monitor | 7.6 | SSA-094954 | Aug 12, 2025
Attack Vector: Physical
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
RUGGEDCOM ROX II devices do not properly limit access through Built-In-Self-Test (BIST) mode. A local attacker can bypass authentication and access a root shell on the device. Siemens is preparing fix versions and recommends countermeasures for products where fixes are not yet available.
What this means
What could happen
An attacker with local access to a RUGGEDCOM ROX II device can bypass authentication through BIST mode and gain root shell access, allowing complete control of the network appliance including modification of routing, firewall rules, or traffic inspection.
Who's at risk
Network infrastructure teams managing RUGGEDCOM ROX II industrial switches and routers used in utility, manufacturing, and critical infrastructure networks. These devices are commonly deployed as secure network appliances in water treatment, electric distribution, and other OT environments.
How it could be exploited
An attacker with physical or local terminal access to the device can enter BIST (Built-In-Self-Test) mode, which does not enforce authentication. Once in BIST mode, the attacker can access a root shell and execute arbitrary commands on the device.
Prerequisites
- Local or direct terminal access to the RUGGEDCOM ROX II device
- Knowledge that BIST mode exists and how to access it
- No patch available for all affected versions
- Affects network infrastructure appliances (not endpoint)
- Requires local access but grants complete device compromise
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (11)
11 EOL
| Product | Affected Versions | Fix Status |
| --- | --- | --- |
| RUGGEDCOM ROX RX1500 | All versions | No fix (EOL) |
| RUGGEDCOM ROX RX1501 | All versions | No fix (EOL) |
| RUGGEDCOM ROX RX1511 | All versions | No fix (EOL) |
| RUGGEDCOM ROX RX1512 | All versions | No fix (EOL) |
| RUGGEDCOM ROX RX1524 | All versions | No fix (EOL) |
| RUGGEDCOM ROX RX1536 | All versions | No fix (EOL) |
| RUGGEDCOM ROX RX5000 | All versions | No fix (EOL) |
| RUGGEDCOM ROX MX5000 | All versions | No fix (EOL) |
Remediation & Mitigation
Do now
- HARDENING: Restrict physical and local terminal access to RUGGEDCOM ROX II devices through secure mounting, locked equipment cabinets, or serial console protection
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HARDENING: Follow Siemens operational guidelines for Industrial Security to configure the device environment according to security best practices
Mitigations - no patch available
The following products have reached End of Life with no planned fix: RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000, RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1510. Apply the following compensating controls:
- HARDENING: Implement network segmentation and access controls to limit which systems can connect to the management interfaces of RUGGEDCOM devices
- HARDENING: Monitor device logs for unauthorized access attempts or BIST mode activation
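The log-monitoring control above can be automated on a central syslog collector. The following is an added example, not Siemens code and not part of the advisory: the log line format, message texts, hostnames, maintenance window and threshold are constructed assumptions to be replaced with what your devices actually emit. It raises a critical alert for BIST mode activation outside an approved maintenance window and a warning for repeated failed logins.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed syslog lines; the message texts are assumptions, not real ROX II output.
SAMPLE_LOG = """\
2025-08-14T02:11:07Z rx1500-sub12 auth: login failed for user admin on console
2025-08-14T02:11:19Z rx1500-sub12 auth: login failed for user admin on console
2025-08-14T02:11:31Z rx1500-sub12 auth: login failed for user admin on console
2025-08-14T02:13:55Z rx1500-sub12 system: entering BIST mode
2025-08-15T10:05:00Z rx5000-core1 system: entering BIST mode
2025-08-15T10:20:42Z rx5000-core1 auth: login failed for user oper on ssh
"""

# Hypothetical approved maintenance windows per device: (start, end) in UTC.
MAINTENANCE = {"rx5000-core1": [("2025-08-15T09:00:00Z", "2025-08-15T12:00:00Z")]}

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(.*)$")  # timestamp, host, message
BIST_RE = re.compile(r"\bBIST\b", re.IGNORECASE)
FAIL_RE = re.compile(r"login failed", re.IGNORECASE)  # assumed failure text
FAIL_THRESHOLD = 3  # assumed alerting threshold per device

def _ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")

def in_window(host, when):
    return any(_ts(a) <= when <= _ts(b) for a, b in MAINTENANCE.get(host, []))

def scan(log_text):
    alerts, failures = [], Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        try:
            when = _ts(m.group(1))
        except ValueError:  # skip lines without a parseable timestamp
            continue
        host, msg = m.group(2), m.group(3)
        if BIST_RE.search(msg):
            sev = "info" if in_window(host, when) else "critical"
            alerts.append((sev, host, "BIST mode activation"))
        elif FAIL_RE.search(msg):
            failures[host] += 1
            if failures[host] == FAIL_THRESHOLD:  # alert once per device
                alerts.append(("warning", host, "repeated failed logins"))
    return alerts

if __name__ == "__main__": print(*scan(SAMPLE_LOG), sep="\n")
```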
CVEs (1)