CVE-2026-41918
Deferred Deferred - Pending Action

Sensitive Data Exposure in RUGGEDCOM RST2428P

Vulnerability report for CVE-2026-41918, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-02

Last updated on: 2026-06-02

Assigner: Siemens AG

Description

A vulnerability has been identified in RUGGEDCOM RST2428P (6GK6242-6PA00) (All versions < V4.0). The affected applications stores sensitive information in the browser cache when an authenticated user modify specific configurations. This could allow an authenticated attacker to access sensitive data stored in the browser.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-02
Last Modified
2026-06-02
Generated
2026-07-13
AI Q&A
2026-06-02
EPSS Evaluated
2026-07-11
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
siemens ruggedcom_rst2428p to 4.0 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-525 The web application does not use an appropriate caching policy that specifies the extent to which each web page and associated form fields should be cached.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability affects the RUGGEDCOM RST2428P device (all versions before V4.0). When an authenticated user modifies specific configurations, sensitive information is stored in the browser cache. An authenticated attacker could exploit this by accessing the sensitive data stored in the browser cache.

Compliance Impact

The vulnerability involves storing sensitive information in the browser cache when an authenticated user modifies specific configurations, potentially allowing an authenticated attacker to access sensitive data stored in the browser.

This exposure of sensitive data could impact compliance with standards and regulations such as GDPR and HIPAA, which require protection of sensitive information and prevention of unauthorized access.

However, no explicit information regarding compliance impact or regulatory considerations is provided in the available resources.

Impact Analysis

The impact of this vulnerability is that an authenticated attacker could gain access to sensitive information stored in the browser cache. This could lead to unauthorized disclosure of sensitive data, potentially compromising the security of the affected system.

Mitigation Strategies

The recommended immediate step to mitigate this vulnerability is to update the RUGGEDCOM RST2428P device to SINEC OS version 4.0 or later.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-41918. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart