CVE-2025-40949

EPSS 0.17%
Veröffentlicht 12.05.2026 08:20:53
Zuletzt bearbeitet 12.05.2026 14:19:41
Quelle productcert@siemens.com
CVE-Watchlists
Login
Unerledigt
Login

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.1), RUGGEDCOM ROX MX5000RE (All versions < V2.17.1), RUGGEDCOM ROX RX1400 (All versions < V2.17.1), RUGGEDCOM ROX RX1500 (All versions < V2.17.1), RUGGEDCOM ROX RX1501 (All versions < V2.17.1), RUGGEDCOM ROX RX1510 (All versions < V2.17.1), RUGGEDCOM ROX RX1511 (All versions < V2.17.1), RUGGEDCOM ROX RX1512 (All versions < V2.17.1), RUGGEDCOM ROX RX1524 (All versions < V2.17.1), RUGGEDCOM ROX RX1536 (All versions < V2.17.1), RUGGEDCOM ROX RX5000 (All versions < V2.17.1). Affected devices do not properly sanitize user-supplied input in the Scheduler functionality of the Web UI, allowing commands to be injected into the task scheduling backend.

This could allow an authenticated remote attacker to execute arbitrary commands with root privileges on the underlying operating system.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

CNA 11 VulnDex Vulnerability Enrichment 11

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerSiemens

≫

Produkt RUGGEDCOM ROX MX5000

Default Statusunknown

Version 0

Version < V2.17.1

Status affected

HerstellerSiemens

≫

Produkt RUGGEDCOM ROX MX5000RE

Default Statusunknown

Version 0

Version < V2.17.1

Status affected

HerstellerSiemens

≫

Produkt RUGGEDCOM ROX RX1400

Default Statusunknown

Version 0

Version < V2.17.1

Status affected

HerstellerSiemens

≫

Produkt RUGGEDCOM ROX RX1500

Default Statusunknown

Version 0

Version < V2.17.1

Status affected

HerstellerSiemens

≫

Produkt RUGGEDCOM ROX RX1501

Default Statusunknown

Version 0

Version < V2.17.1

Status affected

HerstellerSiemens

≫

Produkt RUGGEDCOM ROX RX1510

Default Statusunknown

Version 0

Version < V2.17.1

Status affected

HerstellerSiemens

≫

Produkt RUGGEDCOM ROX RX1511

Default Statusunknown

Version 0

Version < V2.17.1

Status affected

HerstellerSiemens

≫

Produkt RUGGEDCOM ROX RX1512

Default Statusunknown

Version 0

Version < V2.17.1

Status affected

HerstellerSiemens

≫

Produkt RUGGEDCOM ROX RX1524

Default Statusunknown

Version 0

Version < V2.17.1

Status affected

HerstellerSiemens

≫

Produkt RUGGEDCOM ROX RX1536

Default Statusunknown

Version 0

Version < V2.17.1

Status affected

HerstellerSiemens

≫

Produkt RUGGEDCOM ROX RX5000

Default Statusunknown

Version 0

Version < V2.17.1

Status affected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.17%	0.382

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
productcert@siemens.com	9.1	2.3	6	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
productcert@siemens.com	8.9	0	0	CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

https://cert-portal.siemens.com/productcert/html/ssa-081142.html

https://nvd.nist.gov/vuln/detail/CVE-2025-40949

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-40949

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-40949

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-40949