Relative Path Traversal (CWE-23)
9.3
CVSS 4.0 · NVD
Share
Severity by source
NVD
PRIMARY
9.3
CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X
Lifecycle Timeline
5
Analysis Updated
May 12, 2026 - 10:27 vuln.today
v2 (cvss_changed)
Re-analysis Queued
May 12, 2026 - 10:22 vuln.today
cvss_changed
CVSS changed
May 12, 2026 - 10:22 NVD
9.1 (CRITICAL)
9.3 (CRITICAL)
Analysis Generated
May 12, 2026 - 10:04 vuln.today
CVE Published
May 12, 2026 - 08:21 nvd
CRITICAL 9.1
DescriptionCVE.org
A vulnerability has been identified in ROS
(All versions < V2.2.2). Affected versions contain a path traversal vulnerability because user input is not properly sanitized.
This could allow a remote attacker to access arbitrary files on the device.
AnalysisAI
Remote path traversal in Siemens ROS
versions prior to V2.2.2 enables unauthenticated attackers to read arbitrary files from affected systems due to insufficient input sanitization. The vulnerability affects the ROS
library, a C
.NET implementation for Robot Operating System communication, with CVSS 9.3 critical severity. No active exploitation or public exploit code has been identified at time of analysis, though the network-accessible attack vector and lack of authentication requirements present significant risk for robotics systems using this library.
Technical ContextAI
ROS
is Siemens' C
.NET library that enables communication between Robot Operating System (ROS) environments and Microsoft .NET applications, commonly used in industrial robotics and automation systems. The vulnerability stems from CWE-23 (Relative Path Traversal), where the application fails to properly neutralize special elements within pathname inputs such as '../' sequences. When user-supplied input containing directory traversal sequences is processed without adequate validation or sanitization, attackers can escape intended directory restrictions and access files outside the application's designated file system scope. The affected CPE (cpe:2.3:a:siemens:ros#) indicates this is a library-level vulnerability that could impact any application or robotic system integrating ROS
for ROS communication functionality. Path traversal vulnerabilities in robotics libraries are particularly concerning as they may expose configuration files, credentials, or operational data critical to industrial control systems.
RemediationAI
Upgrade Siemens ROS
to version V2.2.2 or later, as confirmed by Siemens ProductCERT advisory SSA-357982 (https://cert-portal.siemens.com/productcert/html/ssa-357982.html). This vendor-released patch addresses the input sanitization deficiency causing the path traversal vulnerability. Organizations should prioritize systems with ROS
instances accessible from untrusted networks or multi-tenant environments. If immediate patching is not feasible, implement network segmentation to restrict access to ROS
endpoints exclusively from trusted robotics control networks, blocking external and cross-segment access via firewall rules (trade-off: may limit legitimate remote monitoring capabilities). Deploy application-layer filtering or web application firewall rules to detect and block requests containing path traversal patterns such as '../', '..\', URL-encoded variants (%2e%2e%2f), and Unicode equivalents, though this provides only partial protection against sophisticated bypass techniques. Review file system permissions to ensure the ROS
process runs with least-privilege access, limiting the scope of files accessible even if traversal succeeds (trade-off: may require application reconfiguration and testing). Monitor file access logs for unusual patterns indicating traversal attempts, particularly access to configuration directories, credential stores, or system files outside expected ROS
operational paths.
Same weakness CWE-23 – Relative Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today
Destination URL
POC code from unknown sources may be malicious, contain backdoors, or be fake.
Always review and test exploit code in a safe, isolated environment (VM/sandbox).
Verify the source reputation and cross-reference with known databases (Exploit-DB, GitHub Security).
EUVD-2026-29434
GHSA-gmpj-93q6-2282