Severity by source
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
Description (CVE.org)
A vulnerability has been identified in RUGGEDCOM RST2428P (6GK6242-6PA00) (All versions < V4.0). The affected application stores sensitive information in the browser cache when an authenticated user modifies specific configurations. This could allow an authenticated attacker to access sensitive data stored in the browser.
Analysis (AI)
Sensitive configuration data exposure in Siemens RUGGEDCOM RST2428P industrial network switch (all firmware versions before V4.0) allows authenticated attackers to retrieve confidential information from the browser cache. The web management interface fails to enforce proper cache-control directives when an authenticated user performs specific configuration modification workflows, persisting sensitive data in the local browser cache. …
Vulnerability Assessment (AI)
| Topic | Assessment |
|---|---|
| Exploitation | Exploitation requires that: (1) the attacker holds at minimum a low-privilege authenticated session on the device (PR:L per CVSS 4.0); (2) a legitimate authenticated user has previously performed a specific configuration modification workflow through the web interface, thereby populating the browser cache with sensitive data (AT:P, attack requirement present; UI:P, passive victim interaction); and (3) the attacker has access to the same browser profile or local filesystem cache as the user who performed the configuration change, most realistically on a shared workstation, jump server, or kiosk terminal. … |
| Risk Assessment | The CVSS 4.0 base score of 5.9 (Medium) appropriately reflects the constrained attack path: AV:N indicates the web interface is network-accessible, but AT:P requires a prerequisite condition (specific configuration changes must have occurred), PR:L mandates an authenticated low-privilege foothold, and UI:P requires passive victim interaction. … |
| Exploit Scenario | An attacker who has obtained low-privilege authenticated access to the RUGGEDCOM RST2428P web management interface, or who has physical or logical access to a shared administrative workstation (such as a jump server) used by network operators, waits for or observes a legitimate administrator performing specific configuration changes. The browser caches the sensitive response data. … |
| Remediation | Upgrade RUGGEDCOM RST2428P firmware to V4.0 or later, as confirmed by Siemens PSIRT via advisory SSA-253495 (https://cert-portal.siemens.com/productcert/html/ssa-253495.html). … |
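The analysis above attributes the exposure to the web interface not sending cache-control directives on responses that carry configuration data, so the browser keeps a copy on disk. The Python below is an added example, not code from the vuln.today page or from Siemens: it applies the storage rules of RFC 9111 (only `no-store` forbids a browser's private cache from writing a response; `private`, `no-cache` and `max-age=0` still permit a stored copy that must merely be revalidated) to a response's headers, and shows the header set a device firmware or reverse proxy should emit on such responses. All header values and the sample responses are constructed; the device's real endpoints and responses are not on the page.

```python
"""Audit HTTP response headers for browser-cache persistence of sensitive data.

Added example; not from the vuln.today page or from Siemens.  All sample
responses below are constructed for illustration.
"""
from __future__ import annotations

# Status codes a cache may store without explicit freshness information
# (RFC 9110 section 15.1, "heuristically cacheable").
_HEURISTIC_OK = {200, 203, 204, 206, 300, 301, 308, 404, 405, 410, 414, 501}

# Directives that count as explicit freshness / storage permission for a
# private (browser) cache.
_EXPLICIT = {"public", "private", "max-age", "s-maxage"}


def parse_cache_control(value: str | None) -> dict[str, str | None]:
    """Parse a Cache-Control field into {directive: argument-or-None}.

    Directive names are case-insensitive (RFC 9111 section 5.2); arguments may
    be quoted, e.g. no-cache="Set-Cookie".
    """
    directives: dict[str, str | None] = {}
    if not value:
        return directives
    for part in value.split(","):
        part = part.strip()
        if not part:
            continue
        name, has_arg, arg = part.partition("=")
        directives[name.strip().lower()] = arg.strip().strip('"') if has_arg else None
    return directives


def browser_may_persist(headers: dict[str, str], status: int = 200,
                        method: str = "GET") -> bool:
    """Return True if a browser's private cache is allowed to store the response.

    Decision order follows RFC 9111 section 3: no-store forbids storage outright;
    otherwise explicit freshness (public/private/max-age/s-maxage or Expires)
    permits it; failing that, GET/HEAD responses with a heuristically cacheable
    status may still be stored.  Responses to other methods (e.g. POST) need
    explicit freshness information to be stored at all.
    """
    lowered = {k.lower(): v for k, v in headers.items()}
    cc = parse_cache_control(lowered.get("cache-control"))
    if "no-store" in cc:
        return False
    if _EXPLICIT & cc.keys() or "expires" in lowered:
        return True
    return method.upper() in ("GET", "HEAD") and status in _HEURISTIC_OK


def hardened_headers() -> dict[str, str]:
    """Header set for responses that carry configuration or other sensitive data.

    no-store is the directive that matters; Pragma: no-cache is kept only for
    HTTP/1.0 intermediaries that ignore Cache-Control.
    """
    return {
        "Cache-Control": "no-store",
        "Pragma": "no-cache",
    }


def audit(responses: dict[str, tuple[dict[str, str], int, str]]) -> list[str]:
    """Return the names of sample responses a browser is allowed to cache."""
    return [name for name, (hdrs, status, method) in responses.items()
            if browser_may_persist(hdrs, status, method)]


# Constructed samples: what a weak and a hardened configuration-page response
# might look like.  Not captured from any real device.
SAMPLES = {
    "config-json-private-only": ({"Content-Type": "application/json",
                                  "Cache-Control": "private, max-age=0"}, 200, "GET"),
    "config-html-no-directives": ({"Content-Type": "text/html"}, 200, "GET"),
    "config-json-hardened": ({"Content-Type": "application/json",
                              **hardened_headers()}, 200, "GET"),
    "post-result-no-directives": ({"Content-Type": "application/json"}, 200, "POST"),
}

if __name__ == "__main__":
    for name in audit(SAMPLES):
        print(f"FINDING: {name} may be written to the browser cache")
```

Running the block flags `config-json-private-only` and `config-html-no-directives`, which is the point a reviewer of such an interface should take away: `private` alone does not protect data on a shared workstation, and a response with no directives at all is heuristically cacheable. The same function can be pointed at headers captured from a staging device with the page's remediation (V4.0 or later) applied, to confirm the fix reaches every configuration endpoint.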
Same technique: Information Disclosure
EUVD-2026-33914
GHSA-xpj8-v2g3-x4r2