Product
medium
advisory
Siemens Ruggedcom Rox Improper Access Control Vulnerability
2 rules 1 TTP 1 CVE
Siemens Ruggedcom Rox is vulnerable to improper access control, allowing an authenticated remote attacker to read arbitrary files with root privileges from the underlying operating system's filesystem via the web server's JSON-RPC interface, as tracked by CVE-2025-40948.
RUGGEDCOM ROX MX5000 +10
cve
siemens
ruggedcom
ics
file-access
attack.credential_access
high
threat
Siemens RUGGEDCOM ROX Devices Vulnerable to Remote Code Execution via Feature Key Injection (CVE-2025-40947)
2 rules 1 TTP 1 CVE
CVE-2025-40947 describes a vulnerability in Siemens RUGGEDCOM ROX devices that allows authenticated remote attackers to inject arbitrary commands via a maliciously crafted feature key, resulting in remote code execution with root privileges.
RUGGEDCOM ROX MX5000 +10
cve
rce
siemens
ruggedcom
ics
critical
advisory
CVE-2025-40949 - Siemens RUGGEDCOM ROX Web UI Command Injection
2 rules 1 TTP 1 CVE
An authenticated remote command injection vulnerability exists in the web UI scheduler functionality of multiple RUGGEDCOM ROX devices before V2.17.1, allowing arbitrary command execution with root privileges.
RUGGEDCOM ROX MX5000 +10
command-injection
rce
ruggedcom