CVE-2025-40948
Analyzed
Analyzed - Analysis Complete
BaseFortify
Vulnerability report for CVE-2025-40948, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-05-12
Last updated on: 2026-06-29
Assigner: Siemens AG
Description
Description
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.1), RUGGEDCOM ROX MX5000RE (All versions < V2.17.1), RUGGEDCOM ROX RX1400 (All versions < V2.17.1), RUGGEDCOM ROX RX1500 (All versions < V2.17.1), RUGGEDCOM ROX RX1501 (All versions < V2.17.1), RUGGEDCOM ROX RX1510 (All versions < V2.17.1), RUGGEDCOM ROX RX1511 (All versions < V2.17.1), RUGGEDCOM ROX RX1512 (All versions < V2.17.1), RUGGEDCOM ROX RX1524 (All versions < V2.17.1), RUGGEDCOM ROX RX1536 (All versions < V2.17.1), RUGGEDCOM ROX RX5000 (All versions < V2.17.1). Affected devices do not properly validate input in the web server's JSON-RPC interface.
This could allow an authenticated remote attacker to read arbitrary files from the underlying operating system's filesystem with root privileges.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| siemens | ruggedcom_rox_mx5000_firmware | to 2.17.1 (exc) |
| siemens | ruggedcom_rox_mx5000re_firmware | to 2.17.1 (exc) |
| siemens | ruggedcom_rox_rx1400_firmware | to 2.17.1 (exc) |
| siemens | ruggedcom_rox_rx1500_firmware | to 2.17.1 (exc) |
| siemens | ruggedcom_rox_rx1501_firmware | to 2.17.1 (exc) |
| siemens | ruggedcom_rox_rx1510_firmware | to 2.17.1 (exc) |
| siemens | ruggedcom_rox_rx1511_firmware | to 2.17.1 (exc) |
| siemens | ruggedcom_rox_rx1512_firmware | to 2.17.1 (exc) |
| siemens | ruggedcom_rox_rx1524_firmware | to 2.17.1 (exc) |
| siemens | ruggedcom_rox_rx1536_firmware | to 2.17.1 (exc) |
| siemens | ruggedcom_rox_rx5000_firmware | to 2.17.1 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-88 | The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string. |