CVE-2025-40935
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-09

Last updated on: 2025-12-09

Assigner: Siemens AG

Description
A vulnerability has been identified in RUGGEDCOM RMC8388 V5.X (All versions < V5.10.1), RUGGEDCOM RS416Pv2 V5.X (All versions < V5.10.1), RUGGEDCOM RS416v2 V5.X (All versions < V5.10.1), RUGGEDCOM RS900 (32M) V5.X (All versions < V5.10.1), RUGGEDCOM RS900G (32M) V5.X (All versions < V5.10.1), RUGGEDCOM RSG2100 (32M) V5.X (All versions < V5.10.1), RUGGEDCOM RSG2100P (32M) V5.X (All versions < V5.10.1), RUGGEDCOM RSG2288 V5.X (All versions < V5.10.1), RUGGEDCOM RSG2300 V5.X (All versions < V5.10.1), RUGGEDCOM RSG2300P V5.X (All versions < V5.10.1), RUGGEDCOM RSG2488 V5.X (All versions < V5.10.1), RUGGEDCOM RSG907R (All versions < V5.10.1), RUGGEDCOM RSG908C (All versions < V5.10.1), RUGGEDCOM RSG909R (All versions < V5.10.1), RUGGEDCOM RSG910C (All versions < V5.10.1), RUGGEDCOM RSG920P V5.X (All versions < V5.10.1), RUGGEDCOM RSL910 (All versions < V5.10.1), RUGGEDCOM RST2228 (All versions < V5.10.1), RUGGEDCOM RST2228P (All versions < V5.10.1), RUGGEDCOM RST916C (All versions < V5.10.1), RUGGEDCOM RST916P (All versions < V5.10.1). Affected devices do not properly validate input during the TLS certificate upload process of the web service. This could allow an authenticated remote attacker to trigger a device crash and reboot, leading to a temporary Denial of Service on the device.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-09
Last Modified
2025-12-09
Generated
2026-06-16
AI Q&A
2025-12-09
EPSS Evaluated
2026-06-15
NVD
CVE-2025-40935
EUVD
EUVD-2025-201920
Affected Vendors & Products
Showing 21 associated CPEs
Vendor Product Version / Range
siemens ruggedcom_rst2228 5.10.1
siemens ruggedcom_rsg2488 5.10.1
siemens ruggedcom_rsg920p 5.10.1
siemens ruggedcom_rsg2288 5.10.1
siemens ruggedcom_rsg2300p 5.10.1
siemens ruggedcom_rs900g 5.10.1
siemens ruggedcom_rs900 5.10.1
siemens ruggedcom_rst2228p 5.10.1
siemens ruggedcom_rst916p 5.10.1
siemens ruggedcom_rsg907r 5.10.1
siemens ruggedcom_rst916c 5.10.1
siemens ruggedcom_rsg2100p 5.10.1
siemens ruggedcom_rsg2100 5.10.1
siemens ruggedcom_rsg909r 5.10.1
siemens ruggedcom_rs416v2 5.10.1
siemens ruggedcom_rsg910c 5.10.1
siemens ruggedcom_rs416pv2 5.10.1
siemens ruggedcom_rsg2300 5.10.1
siemens ruggedcom_rsg908c 5.10.1
siemens ruggedcom_rsl910 5.10.1
siemens ruggedcom_rmc8388 5.10.1
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-20 The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in multiple versions of Siemens RUGGEDCOM devices prior to version 5.10.1. It occurs because the devices do not properly validate input during the TLS certificate upload process on their web service. An authenticated remote attacker could exploit this flaw to cause the device to crash and reboot.

Impact Analysis

The vulnerability can lead to a temporary Denial of Service (DoS) condition on affected devices by causing them to crash and reboot. This disrupts normal device operation and availability.

Compliance Impact

The provided resources do not specify how this vulnerability directly affects compliance with common standards and regulations such as GDPR or HIPAA.

Mitigation Strategies

To mitigate this vulnerability, immediately update all affected Siemens Ruggedcom ROS devices to version V5.10.1 or later. Additionally, protect network access to these devices using appropriate security mechanisms and configure the operational environment according to Siemens' Industrial Security operational guidelines. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-40935. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart