CVSS Vector (NVD)
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description (NVD)
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.1), RUGGEDCOM ROX MX5000RE (All versions < V2.17.1), RUGGEDCOM ROX RX1400 (All versions < V2.17.1), RUGGEDCOM ROX RX1500 (All versions < V2.17.1), RUGGEDCOM ROX RX1501 (All versions < V2.17.1), RUGGEDCOM ROX RX1510 (All versions < V2.17.1), RUGGEDCOM ROX RX1511 (All versions < V2.17.1), RUGGEDCOM ROX RX1512 (All versions < V2.17.1), RUGGEDCOM ROX RX1524 (All versions < V2.17.1), RUGGEDCOM ROX RX1536 (All versions < V2.17.1), RUGGEDCOM ROX RX5000 (All versions < V2.17.1). Affected devices do not properly sanitize user-supplied input during the feature key installation process.
This could allow an authenticated remote attacker to inject arbitrary commands, resulting in remote code execution with root privileges on the underlying operating system.
Analysis (AI)
Command injection in Siemens RUGGEDCOM ROX industrial network devices enables authenticated remote attackers to execute arbitrary commands with root privileges during feature key installation. The vulnerability affects multiple ROX product lines (MX5000, RX1400, RX1500, RX1501, RX1510, RX1511, RX1512, RX1524, RX1536, RX5000) running firmware versions below V2.17.1. Exploitation requires low-privilege authentication and involves high attack complexity (CVSS 4.0: AV:N/AC:H/PR:L), but successful exploitation grants complete control over critical industrial network infrastructure. No public exploit was identified at the time of analysis, and EPSS data is not available for this recently disclosed vulnerability.
Technical Context (AI)
This vulnerability stems from CWE-78 (OS Command Injection) in the feature key installation functionality of the Siemens RUGGEDCOM ROX operating system. The ROX platform is a hardened Linux-based operating system designed for industrial routers and network devices in critical infrastructure environments. Feature key installation is an administrative function used to activate licensed capabilities on these devices. The lack of input sanitization allows authenticated users to inject shell metacharacters or command separators into user-supplied data during this process, and that data is then executed by the underlying OS with elevated privileges. The CVSS 4.0 vector indicates network-based attack delivery (AV:N) with high attack complexity (AC:H) and low-privilege authentication (PR:L), resulting in complete compromise of confidentiality, integrity, and availability (VC:H/VI:H/VA:H) with no impact on subsequent systems (SC:N/SI:N/SA:N).
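The CWE-78 pattern described above, as an added example that is not Siemens code and does not come from the advisory: a hypothetical key-install handler written the unsafe way and the hardened way. The key format, the function names and the `echo` stand-in for an installer binary are all assumptions made for illustration.

```python
import re
import subprocess

# Assumed key format, for illustration only; the page does not give the real one.
KEY_RE = re.compile(r"[A-Z0-9]{4}(?:-[A-Z0-9]{4}){3}")

INSTALLER = "echo"  # harmless stand-in for a hypothetical key-installer binary


def install_key_unsafe(key: str) -> str:
    """Vulnerable pattern: user input is spliced into a shell command line."""
    result = subprocess.run(f"{INSTALLER} installing {key}", shell=True,
                            capture_output=True, text=True)
    return result.stdout


def install_key_safe(key: str) -> str:
    """Hardened pattern: allowlist validation, then an argv list with no shell."""
    # fullmatch() anchors both ends, so a trailing newline is rejected too.
    if not KEY_RE.fullmatch(key):
        raise ValueError("feature key rejected: unexpected characters or length")
    result = subprocess.run([INSTALLER, "installing", key],
                            capture_output=True, text=True, check=True)
    return result.stdout


def demo() -> dict:
    good = "AB12-CD34-EF56-GH78"              # constructed sample key
    tainted = good + "; echo SECOND-COMMAND"  # constructed input with a separator
    out = {
        # The shell splits on ';' and runs the trailing text as its own command.
        "unsafe_lines": install_key_unsafe(tainted).splitlines(),
        "safe_good": install_key_safe(good).strip(),
    }
    try:
        install_key_safe(tainted)
        out["safe_tainted"] = "accepted"
    except ValueError:
        out["safe_tainted"] = "rejected"
    return out


if __name__ == "__main__":
    print(demo())
```

Validation and shell-free execution are independent layers: the allowlist rejects malformed keys early, and the argv list keeps any value that does get through from being parsed as shell syntax.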
Remediation (AI)
Immediately upgrade all affected RUGGEDCOM ROX devices to firmware version V2.17.1 or later as documented in Siemens ProductCERT Security Advisory SSA-078743 (https://cert-portal.siemens.com/productcert/html/ssa-078743.html). The patch addresses the command injection vulnerability in the feature key installation process through proper input sanitization. During upgrade planning, note that firmware updates on industrial network devices may require maintenance windows and operational coordination. As interim compensating controls until patching is complete: restrict network access to the management interface using firewall rules or access control lists to permit only authorized administrator IP addresses (eliminates network-based attack vector but requires strict IP management); implement multi-factor authentication if supported to raise the authentication barrier beyond PR:L (reduces likelihood of credential compromise); monitor and log all feature key installation attempts for anomalous activity (provides detection capability but does not prevent exploitation); consider disabling feature key installation functionality if not operationally required until patching (eliminates attack surface but may impact license management). For air-gapped OT networks, prioritize patching devices with any pathway to corporate networks or external connectivity.
EUVD-2025-209780
GHSA-6cjr-fr8j-cqh6