8.6
CVE-2025-40761
- EPSS 0.03%
- Veröffentlicht 12.08.2025 11:17:11
- Zuletzt bearbeitet 12.08.2025 14:25:33
- Quelle productcert@siemens.com
- Teams Watchlist Login
- Unerledigt Login
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions), RUGGEDCOM ROX MX5000RE (All versions), RUGGEDCOM ROX RX1400 (All versions), RUGGEDCOM ROX RX1500 (All versions), RUGGEDCOM ROX RX1501 (All versions), RUGGEDCOM ROX RX1510 (All versions), RUGGEDCOM ROX RX1511 (All versions), RUGGEDCOM ROX RX1512 (All versions), RUGGEDCOM ROX RX1524 (All versions), RUGGEDCOM ROX RX1536 (All versions), RUGGEDCOM ROX RX5000 (All versions). Affected devices do not properly limit access through its Built-In-Self-Test (BIST) mode. This could allow an attacker with physical access to the serial interface to bypass authentication and get access to a root shell on the device.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerSiemens
≫
Produkt
RUGGEDCOM ROX MX5000
Default Statusunknown
Version <
*
Version
0
Status
affected
HerstellerSiemens
≫
Produkt
RUGGEDCOM ROX MX5000RE
Default Statusunknown
Version <
*
Version
0
Status
affected
HerstellerSiemens
≫
Produkt
RUGGEDCOM ROX RX1400
Default Statusunknown
Version <
*
Version
0
Status
affected
HerstellerSiemens
≫
Produkt
RUGGEDCOM ROX RX1500
Default Statusunknown
Version <
*
Version
0
Status
affected
HerstellerSiemens
≫
Produkt
RUGGEDCOM ROX RX1501
Default Statusunknown
Version <
*
Version
0
Status
affected
HerstellerSiemens
≫
Produkt
RUGGEDCOM ROX RX1510
Default Statusunknown
Version <
*
Version
0
Status
affected
HerstellerSiemens
≫
Produkt
RUGGEDCOM ROX RX1511
Default Statusunknown
Version <
*
Version
0
Status
affected
HerstellerSiemens
≫
Produkt
RUGGEDCOM ROX RX1512
Default Statusunknown
Version <
*
Version
0
Status
affected
HerstellerSiemens
≫
Produkt
RUGGEDCOM ROX RX1524
Default Statusunknown
Version <
*
Version
0
Status
affected
HerstellerSiemens
≫
Produkt
RUGGEDCOM ROX RX1536
Default Statusunknown
Version <
*
Version
0
Status
affected
HerstellerSiemens
≫
Produkt
RUGGEDCOM ROX RX5000
Default Statusunknown
Version <
*
Version
0
Status
affected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.03% | 0.079 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| productcert@siemens.com | 7.6 | 0.9 | 6 |
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
|
| productcert@siemens.com | 8.6 | 0 | 0 |
CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-288 Authentication Bypass Using an Alternate Path or Channel
The product requires authentication, but the product has an alternate path or channel that does not require authentication.