Denial of Service Vulnerability in Ruggedcom ROS devices before V5.10.1
Monitor · 4.3 · SSA-763474 · Dec 9, 2025
Attack Vector: Network
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary
Ruggedcom ROS devices contain a denial of service vulnerability (CWE-20: Improper Input Validation) in versions prior to 5.10.1. An attacker with valid credentials could send a malformed input that causes the device to crash and restart, temporarily disconnecting all attached devices from the network.
What this means
What could happen
An attacker with valid credentials could crash a Ruggedcom switch or router, causing it to restart and temporarily disconnecting all connected industrial devices from the network, disrupting data flow and potentially affecting plant operations.
Who's at risk
Water authorities and electric utilities using Ruggedcom ROS industrial network switches and routers for SCADA network connectivity. This affects network backbone equipment used to interconnect field devices, substations, and control centers. Any facility using Ruggedcom RMC8388, RS416, RS900, RSG, RSL, or RST series devices in version 5.X prior to 5.10.1 is at risk.
How it could be exploited
An attacker with network access and valid user credentials could send malformed input that the Ruggedcom device does not validate properly, triggering a crash and device restart.
Prerequisites
- Valid user credentials on the Ruggedcom device (username and password)
- Network access to the management interface of the Ruggedcom device
- Device running Ruggedcom ROS version 5.X prior to 5.10.1
Remotely exploitable · Requires valid credentials · Medium complexity attack · Affects industrial network connectivity · Low exploit probability
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (21)
21 with fix
Product | Affected Versions | Fix Status
RUGGEDCOM RMC8388 V5.X | < 5.10.1 | 5.10.1
RUGGEDCOM RS416Pv2 V5.X | < 5.10.1 | 5.10.1
RUGGEDCOM RS416v2 V5.X | < 5.10.1 | 5.10.1
RUGGEDCOM RS900 (32M) V5.X | < 5.10.1 | 5.10.1
RUGGEDCOM RS900G (32M) V5.X | < 5.10.1 | 5.10.1
Remediation & Mitigation
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Update all affected Ruggedcom devices to firmware version 5.10.1 or later
CVEs (1)