CVE-2026-41918
Deferred Deferred - Pending Action
Sensitive Data Exposure in RUGGEDCOM RST2428P

Publication date: 2026-06-02

Last updated on: 2026-06-02

Assigner: Siemens AG

Description
A vulnerability has been identified in RUGGEDCOM RST2428P (6GK6242-6PA00) (All versions < V4.0). The affected applications stores sensitive information in the browser cache when an authenticated user modify specific configurations. This could allow an authenticated attacker to access sensitive data stored in the browser.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-02
Last Modified
2026-06-02
Generated
2026-06-22
AI Q&A
2026-06-02
EPSS Evaluated
2026-06-21
NVD
CVE-2026-41918
EUVD
EUVD-2026-33914
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
siemens ruggedcom_rst2428p to 4.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-525 The web application does not use an appropriate caching policy that specifies the extent to which each web page and associated form fields should be cached.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The vulnerability involves storing sensitive information in the browser cache when an authenticated user modifies specific configurations, potentially allowing an authenticated attacker to access sensitive data stored in the browser.

This exposure of sensitive data could impact compliance with standards and regulations such as GDPR and HIPAA, which require protection of sensitive information and prevention of unauthorized access.

However, no explicit information regarding compliance impact or regulatory considerations is provided in the available resources.

Executive Summary

This vulnerability affects the RUGGEDCOM RST2428P device (all versions before V4.0). When an authenticated user modifies specific configurations, sensitive information is stored in the browser cache. An authenticated attacker could exploit this by accessing the sensitive data stored in the browser cache.

Impact Analysis

The impact of this vulnerability is that an authenticated attacker could gain access to sensitive information stored in the browser cache. This could lead to unauthorized disclosure of sensitive data, potentially compromising the security of the affected system.

Mitigation Strategies

The recommended immediate step to mitigate this vulnerability is to update the RUGGEDCOM RST2428P device to SINEC OS version 4.0 or later.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-41918. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart