Siemens Ruggedcom Rox

View CSAF
Summary
Ruggedcom Rox contains an input validation vulnerability in the Scheduler functionality that could allow an authenticated remote attacker to execute arbitrary commands with root privileges on the underlying operating system. Siemens has released new versions for the affected products and recommends to update to the latest versions.
The following versions of Siemens Ruggedcom Rox are affected:

RUGGEDCOM ROX MX5000 vers:intdot/<2.17.1ÿ
RUGGEDCOM ROX MX5000RE vers:intdot/<2.17.1ÿ
RUGGEDCOM ROX RX1400 vers:intdot/<2.17.1ÿ
RUGGEDCOM ROX RX1500 vers:intdot/<2.17.1
RUGGEDCOM ROX RX1501 vers:intdot/<2.17.1ÿ
RUGGEDCOM ROX RX1510 vers:intdot/<2.17.1ÿ
RUGGEDCOM ROX RX1511 vers:intdot/<2.17.1ÿ
RUGGEDCOM ROX RX1512 vers:intdot/<2.17.1ÿ
RUGGEDCOM ROX RX1524 vers:intdot/<2.17.1ÿ
RUGGEDCOM ROX RX1536 vers:intdot/<2.17.1ÿ
RUGGEDCOM ROX RX5000 vers:intdot/<2.17.1ÿ





CVSS
Vendor
Equipment
Vulnerabilities




v3 9.1
Siemens
Siemens Ruggedcom Rox
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')




Background

Critical Infrastructure Sectors: Critical Manufacturing
Countries/Areas Deployed: Worldwide
Company Headquarters Location: Germany


Vulnerabilities

Expand All +

CVE-2025-40949

Affected devices do not properly sanitize user-supplied input in the Scheduler functionality of the Web UI, allowing commands to be injected into the task scheduling backend. This could allow an authenticated remote attacker to execute arbitrary commands with root privileges on the underlying operating system.
View CVE Details

Affected Products
Siemens Ruggedcom Rox

Vendor:Siemens
Product Version:RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000
Product Status:known_affected


Remediations
Vendor fixUpdate to V2.17.1 or later versionhttps://support.industry.siemens.com/cs/ww/en/view/110002017/

Relevant CWE: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Metrics




CVSS Version
Base Score
Base Severity
Vector String




3.1
9.1
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H








Acknowledgments

Emmanuel Zhou, Rick Wyble, Mehemt Balta, and Adam Robbie of Palo Alto Networks OT Threat Research Lab reported this vulnerability to Siemens.
Siemens ProductCERT reported this vulnerability to CISA.


General Recommendations
As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity

Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories

Terms of Use
The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.

Legal Notice and Terms of Use
This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).

Recommended Practices
CISA recommends users take defensive measures to minimize the exploitation risk of these vulnerabilities.
Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.
Locate control system networks and remote devices behind firewalls and isolate them from business networks.
When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

Advisory Conversion Disclaimer
This ICSA is a verbatim republication of Siemens ProductCERT SSA-081142 from a direct conversion of the vendor's Common Security Advisory Framework (CSAF) advisory. This is republished to CISA's website as a means of increasing visibility and is provided "as-is" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Siemens ProductCERT directly for any questions regarding this advisory.
Revision History

Initial Release Date: 2026-05-12




Date
Revision
Summary




2026-05-12
1
Publication Date


2026-05-14
2
Initial CISA Republication of Siemens ProductCERT SSA-081142 advisory




Legal Notice and Terms of Use

https://www.cisa.gov/news-events/ics-advisories/icsa-26-134-12

2026-05-14 12:00 UTC
--- FMail-lnx 2.3.2.6-B20251227
* Origin: TCOB1 A Mail Only System (2:263/1)

Siemens Ruggedcom Rox

View CSAF
Summary
Ruggedcom Rox before v2.17.1 contain multiple third-party vulnerabilities. Siemens has released new versions for the affected products and recommends to update to the latest versions.
The following versions of Siemens Ruggedcom Rox are affected:

RUGGEDCOM ROX MX5000 vers:intdot/<2.17.1 (CVE-2019-13103, CVE-2019-13104, CVE-2019-13106, CVE-2019-14192, CVE-2019-14193, CVE-2019-14194, CVE-2019-14195, CVE-2019-14196, CVE-2019-14197, CVE-2019-14198, CVE-2019-14199, CVE-2019-14200, CVE-2019-14201, CVE-2019-14202, CVE-2019-14203, CVE-2019-14204, CVE-2020-10648, CVE-2022-2347, CVE-2022-30552, CVE-2022-30790, CVE-2022-34835, CVE-2023-3019, CVE-2023-27043, CVE-2024-3447, CVE-2024-22365, CVE-2024-57256, CVE-2024-57258, CVE-2025-0395, CVE-2025-3576, CVE-2025-6020, CVE-2025-7425, CVE-2025-9714, CVE-2025-46836, CVE-2025-49794, CVE-2025-49796)
RUGGEDCOM ROX MX5000RE vers:intdot/<2.17.1 (CVE-2019-13103, CVE-2019-13104, CVE-2019-13106, CVE-2019-14192, CVE-2019-14193, CVE-2019-14194, CVE-2019-14195, CVE-2019-14196, CVE-2019-14197, CVE-2019-14198, CVE-2019-14199, CVE-2019-14200, CVE-2019-14201, CVE-2019-14202, CVE-2019-14203, CVE-2019-14204, CVE-2020-10648, CVE-2022-2347, CVE-2022-30552, CVE-2022-30790, CVE-2022-34835, CVE-2023-3019, CVE-2023-27043, CVE-2024-3447, CVE-2024-22365, CVE-2024-57256, CVE-2024-57258, CVE-2025-0395, CVE-2025-3576, CVE-2025-6020, CVE-2025-7425, CVE-2025-9714, CVE-2025-46836, CVE-2025-49794, CVE-2025-49796)
RUGGEDCOM ROX RX1400 vers:intdot/<2.17.1 (CVE-2019-13103, CVE-2019-13104, CVE-2019-13106, CVE-2019-14192, CVE-2019-14193, CVE-2019-14194, CVE-2019-14195, CVE-2019-14196, CVE-2019-14197, CVE-2019-14198, CVE-2019-14199, CVE-2019-14200, CVE-2019-14201, CVE-2019-14202, CVE-2019-14203, CVE-2019-14204, CVE-2020-10648, CVE-2022-2347, CVE-2022-30552, CVE-2022-30790, CVE-2022-34835, CVE-2023-3019, CVE-2023-27043, CVE-2024-3447, CVE-2024-22365, CVE-2024-57256, CVE-2024-57258, CVE-2025-0395, CVE-2025-3576, CVE-2025-6020, CVE-2025-7425, CVE-2025-9714, CVE-2025-46836, CVE-2025-49794, CVE-2025-49796)
RUGGEDCOM ROX RX1500 vers:intdot/<2.17.1 (CVE-2019-13103, CVE-2019-13104, CVE-2019-13106, CVE-2019-14192, CVE-2019-14193, CVE-2019-14194, CVE-2019-14195, CVE-2019-14196, CVE-2019-14197, CVE-2019-14198, CVE-2019-14199, CVE-2019-14200, CVE-2019-14201, CVE-2019-14202, CVE-2019-14203, CVE-2019-14204, CVE-2020-10648, CVE-2022-2347, CVE-2022-30552, CVE-2022-30790, CVE-2022-34835, CVE-2023-3019, CVE-2023-27043, CVE-2024-3447, CVE-2024-22365, CVE-2024-57256, CVE-2024-57258, CVE-2025-0395, CVE-2025-3576, CVE-2025-6020, CVE-2025-7425, CVE-2025-9714, CVE-2025-46836, CVE-2025-49794, CVE-2025-49796)
RUGGEDCOM ROX RX1501 vers:intdot/<2.17.1 (CVE-2019-13103, CVE-2019-13104, CVE-2019-13106, CVE-2019-14192, CVE-2019-14193, CVE-2019-14194, CVE-2019-14195, CVE-2019-14196, CVE-2019-14197, CVE-2019-14198, CVE-2019-14199, CVE-2019-14200, CVE-2019-14201, CVE-2019-14202, CVE-2019-14203, CVE-2019-14204, CVE-2020-10648, CVE-2022-2347, CVE-2022-30552, CVE-2022-30790, CVE-2022-34835, CVE-2023-3019, CVE-2023-27043, CVE-2024-3447, CVE-2024-22365, CVE-2024-57256, CVE-2024-57258, CVE-2025-0395, CVE-2025-3576, CVE-2025-6020, CVE-2025-7425, CVE-2025-9714, CVE-2025-46836, CVE-2025-49794, CVE-2025-49796)
RUGGEDCOM ROX RX1510 vers:intdot/<2.17.1 (CVE-2019-13103, CVE-2019-13104, CVE-2019-13106, CVE-2019-14192, CVE-2019-14193, CVE-2019-14194, CVE-2019-14195, CVE-2019-14196, CVE-2019-14197, CVE-2019-14198, CVE-2019-14199, CVE-2019-14200, CVE-2019-14201, CVE-2019-14202, CVE-2019-14203, CVE-2019-14204, CVE-2020-10648, CVE-2022-2347, CVE-2022-30552, CVE-2022-30790, CVE-2022-34835, CVE-2023-3019, CVE-2023-27043, CVE-2024-3447, CVE-2024-22365, CVE-2024-57256, CVE-2024-57258, CVE-2025-0395, CVE-2025-3576, CVE-2025-6020, CVE-2025-7425, CVE-2025-9714, CVE-2025-46836, CVE-2025-49794, CVE-2025-49796)
RUGGEDCOM ROX RX1511 vers:intdot/<2.17.1 (CVE-2019-13103, CVE-2019-13104, CVE-2019-13106, CVE-2019-14192, CVE-2019-14193, CVE-2019-14194, CVE-2019-14195, CVE-2019-14196, CVE-2019-14197, CVE-2019-14198, CVE-2019-14199, CVE-2019-14200, CVE-2019-14201, CVE-2019-14202, CVE-2019-14203, CVE-2019-14204, CVE-2020-10648, CVE-2022-2347, CVE-2022-30552, CVE-2022-30790, CVE-2022-34835, CVE-2023-3019, CVE-2023-27043, CVE-2024-3447, CVE-2024-22365, CVE-2024-57256, CVE-2024-57258, CVE-2025-0395, CVE-2025-3576, CVE-2025-6020, CVE-2025-7425, CVE-2025-9714, CVE-2025-46836, CVE-2025-49794, CVE-2025-49796)
RUGGEDCOM ROX RX1512 vers:intdot/<2.17.1 (CVE-2019-13103, CVE-2019-13104, CVE-2019-13106, CVE-2019-14192, CVE-2019-14193, CVE-2019-14194, CVE-2019-14195, CVE-2019-14196, CVE-2019-14197, CVE-2019-14198, CVE-2019-14199, CVE-2019-14200, CVE-2019-14201, CVE-2019-14202, CVE-2019-14203, CVE-2019-14204, CVE-2020-10648, CVE-2022-2347, CVE-2022-30552, CVE-2022-30790, CVE-2022-34835, CVE-2023-3019, CVE-2023-27043, CVE-2024-3447, CVE-2024-22365, CVE-2024-57256, CVE-2024-57258, CVE-2025-0395, CVE-2025-3576, CVE-2025-6020, CVE-2025-7425, CVE-2025-9714, CVE-2025-46836, CVE-2025-49794, CVE-2025-49796)
RUGGEDCOM ROX RX1524 vers:intdot/<2.17.1 (CVE-2019-13103, CVE-2019-13104, CVE-2019-13106, CVE-2019-14192, CVE-2019-14193, CVE-2019-14194, CVE-2019-14195, CVE-2019-14196, CVE-2019-14197, CVE-2019-14198, CVE-2019-14199, CVE-2019-14200, CVE-2019-14201, CVE-2019-14202, CVE-2019-14203, CVE-2019-14204, CVE-2020-10648, CVE-2022-2347, CVE-2022-30552, CVE-2022-30790, CVE-2022-34835, CVE-2023-3019, CVE-2023-27043, CVE-2024-3447, CVE-2024-22365, CVE-2024-57256, CVE-2024-57258, CVE-2025-0395, CVE-2025-3576, CVE-2025-6020, CVE-2025-7425, CVE-2025-9714, CVE-2025-46836, CVE-2025-49794, CVE-2025-49796)
RUGGEDCOM ROX RX1536 vers:intdot/<2.17.1 (CVE-2019-13103, CVE-2019-13104, CVE-2019-13106, CVE-2019-14192, CVE-2019-14193, CVE-2019-14194, CVE-2019-14195, CVE-2019-14196, CVE-2019-14197, CVE-2019-14198, CVE-2019-14199, CVE-2019-14200, CVE-2019-14201, CVE-2019-14202, CVE-2019-14203, CVE-2019-14204, CVE-2020-10648, CVE-2022-2347, CVE-2022-30552, CVE-2022-30790, CVE-2022-34835, CVE-2023-3019, CVE-2023-27043, CVE-2024-3447, CVE-2024-22365, CVE-2024-57256, CVE-2024-57258, CVE-2025-0395, CVE-2025-3576, CVE-2025-6020, CVE-2025-7425, CVE-2025-9714, CVE-2025-46836, CVE-2025-49794, CVE-2025-49796)
RUGGEDCOM ROX RX5000 vers:intdot/<2.17.1 (CVE-2019-13103, CVE-2019-13104, CVE-2019-13106, CVE-2019-14192, CVE-2019-14193, CVE-2019-14194, CVE-2019-14195, CVE-2019-14196, CVE-2019-14197, CVE-2019-14198, CVE-2019-14199, CVE-2019-14200, CVE-2019-14201, CVE-2019-14202, CVE-2019-14203, CVE-2019-14204, CVE-2020-10648, CVE-2022-2347, CVE-2022-30552, CVE-2022-30790, CVE-2022-34835, CVE-2023-3019, CVE-2023-27043, CVE-2024-3447, CVE-2024-22365, CVE-2024-57256, CVE-2024-57258, CVE-2025-0395, CVE-2025-3576, CVE-2025-6020, CVE-2025-7425, CVE-2025-9714, CVE-2025-46836, CVE-2025-49794, CVE-2025-49796)





CVSS
Vendor
Equipment
Vulnerabilities




v3 9.8
Siemens
Siemens Ruggedcom Rox
Uncontrolled Recursion, Integer Underflow (Wrap or Wraparound), Out-of-bounds Write, Out-of-bounds Read, Improper Input Validation, Heap-based Buffer Overflow, Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Use After Free, Improper Validation of Syntactic Correctness of Input, Improper Control of a Resource Through its Lifetime, Integer Overflow or Wraparound, Incorrect Calculation of Buffer Size, Use of Weak Hash, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Stack-based Buffer Overflow, Expired Pointer Dereference




Background

Critical Infrastructure Sectors: Critical Manufacturing
Countries/Areas Deployed: Worldwide
Company Headquarters Location: Germany


Vulnerabilities

Expand All +

CVE-2019-13103

A crafted self-referential DOS partition table will cause all Das U-Boot versions through 2019.07-rc4 to infinitely recurse, causing the stack to grow infinitely and eventually either crash or overwrite other data.
View CVE Details

Affected Products
Siemens Ruggedcom Rox

Vendor:Siemens
Product Version:RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000
Product Status:known_affected


Remediations
Vendor fixUpdate to V2.17.1 or later versionhttps://support.industry.siemens.com/cs/ww/en/view/110002017/

Relevant CWE: CWE-674 Uncontrolled Recursion

Metrics




CVSS Version
Base Score
Base Severity
Vector String




3.1
7.1
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H







CVE-2019-13104

In Das U-Boot versions 2016.11-rc1 through 2019.07-rc4, an underflow can cause memcpy() to overwrite a very large amount of data (including the whole stack) while reading a crafted ext4 filesystem.
View CVE Details

Affected Products
Siemens Ruggedcom Rox

Vendor:Siemens
Product Version:RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000
Product Status:known_affected


Remediations
Vendor fixUpdate to V2.17.1 or later versionhttps://support.industry.siemens.com/cs/ww/en/view/110002017/

Relevant CWE: CWE-191 Integer Underflow (Wrap or Wraparound)

Metrics




CVSS Version
Base Score
Base Severity
Vector String




3.1
7.8
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H







CVE-2019-13106

Das U-Boot versions 2016.09 through 2019.07-rc4 can memset() too much data while reading a crafted ext4 filesystem, which results in a stack buffer overflow and likely code execution.
View CVE Details

Affected Products
Siemens Ruggedcom Rox

Vendor:Siemens
Product Version:RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000
Product Status:known_affected


Remediations
Vendor fixUpdate to V2.17.1 or later versionhttps://support.industry.siemens.com/cs/ww/en/view/110002017/

Relevant CWE: CWE-787 Out-of-bounds Write

Metrics




CVSS Version
Base Score
Base Severity
Vector String




3.1
7.8
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H







CVE-2019-14192

An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy when parsing a UDP packet due to a net_process_received_packet integer underflow during an nc_input_packet call.
View CVE Details

Affected Products
Siemens Ruggedcom Rox

Vendor:Siemens
Product Version:RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000
Product Status:known_affected


Remediations
Vendor fixUpdate to V2.17.1 or later versionhttps://support.industry.siemens.com/cs/ww/en/view/110002017/

Relevant CWE: CWE-191 Integer Underflow (Wrap or Wraparound)

Metrics




CVSS Version
Base Score
Base Severity
Vector String




3.1
9.8
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H







CVE-2019-14193

An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with an unvalidated length at nfs_readlink_reply, in the "if" block after calculating the new path length.
View CVE Details

Affected Products
Siemens Ruggedcom Rox

Vendor:Siemens
Product Version:RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000
Product Status:known_affected


Remediations
Vendor fixUpdate to V2.17.1 or later versionhttps://support.industry.siemens.com/cs/ww/en/view/110002017/

Relevant CWE: CWE-787 Out-of-bounds Write

Metrics




CVSS Version
Base Score
Base Severity
Vector String




3.1
9.8
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H







CVE-2019-14194

An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_read_reply when calling store_block in the NFSv2 case.
View CVE Details

Affected Products
Siemens Ruggedcom Rox

Vendor:Siemens
Product Version:RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000
Product Status:known_affected


Remediations
Vendor fixUpdate to V2.17.1 or later versionhttps://support.industry.siemens.com/cs/ww/en/view/110002017/

Relevant CWE: CWE-787 Out-of-bounds Write

Metrics




CVSS Version
Base Score
Base Severity
Vector String




3.1
9.8
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H







CVE-2019-14195

An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with unvalidated length at nfs_readlink_reply in the "else" block after calculating the new path length.
View CVE Details

Affected Products
Siemens Ruggedcom Rox

Vendor:Siemens
Product Version:RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000
Product Status:known_affected


Remediations
Vendor fixUpdate to V2.17.1 or later versionhttps://support.industry.siemens.com/cs/ww/en/view/110002017/

Relevant CWE: CWE-787 Out-of-bounds Write

Metrics




CVSS Version
Base Score
Base Severity
Vector String




3.1
9.8
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H







CVE-2019-14196

An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_lookup_reply.
View CVE Details

Affected Products
Siemens Ruggedcom Rox

Vendor:Siemens
Product Version:RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000
Product Status:known_affected


Remediations
Vendor fixUpdate to V2.17.1 or later versionhttps://support.industry.siemens.com/cs/ww/en/view/110002017/

Relevant CWE: CWE-787 Out-of-bounds Write

Metrics




CVSS Version
Base Score
Base Severity
Vector String




3.1
9.8
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H







CVE-2019-14197

An issue was discovered in Das U-Boot through 2019.07. There is a read of out-of-bounds data at nfs_read_reply.
View CVE Details

Affected Products
Siemens Ruggedcom Rox

Vendor:Siemens
Product Version:RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000
Product Status:known_affected


Remediations
Vendor fixUpdate to V2.17.1 or later versionhttps://support.industry.siemens.com/cs/ww/en/view/110002017/

Relevant CWE: CWE-125 Out-of-bounds Read

Metrics




CVSS Version
Base Score
Base Severity
Vector String




3.0
9.1
CRITICAL
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H







CVE-2019-14198

An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_read_reply when calling store_block in the NFSv3 case.
View CVE Details

Affected Products
Siemens Ruggedcom Rox

Vendor:Siemens
Product Version:RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000
Product Status:known_affected


Remediations
Vendor fixUpdate to V2.17.1 or later versionhttps://support.industry.siemens.com/cs/ww/en/view/110002017/

Relevant CWE: CWE-787 Out-of-bounds Write

Metrics




CVSS Version
Base Score
Base Severity
Vector String




3.1
9.8
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H







CVE-2019-14199

An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy when parsing a UDP packet due to a net_process_received_packet integer underflow during an *udp_packet_handler call.
View CVE Details

Affected Products
Siemens Ruggedcom Rox

Vendor:Siemens
Product Version:RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000
Product Status:known_affected


Remediations
Vendor fixUpdate to V2.17.1 or later versionhttps://support.industry.siemens.com/cs/ww/en/view/110002017/

Relevant CWE: CWE-191 Integer Underflow (Wrap or Wraparound)

Metrics




CVSS Version
Base Score
Base Severity
Vector String




3.1
9.8
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H







CVE-2019-14200

An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: rpc_lookup_reply.
View CVE Details

Affected Products
Siemens Ruggedcom Rox

Vendor:Siemens
Product Version:RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000
Product Status:known_affected


Remediations
Vendor fixUpdate to V2.17.1 or later versionhttps://support.industry.siemens.com/cs/ww/en/view/110002017/

Relevant CWE: CWE-787 Out-of-bounds Write

Metrics




CVSS Version
Base Score
Base Severity
Vector String




3.1
9.8
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H







CVE-2019-14201

An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_lookup_reply.
View CVE Details

Affected Products
Siemens Ruggedcom Rox

Vendor:Siemens
Product Version:RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000
Product Status:known_affected


Remediations
Vendor fixUpdate to V2.17.1 or later versionhttps://support.industry.siemens.com/cs/ww/en/view/110002017/

Relevant CWE: CWE-787 Out-of-bounds Write

Metrics




CVSS Version
Base Score
Base Severity
Vector String




3.1
9.8
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H







CVE-2019-14202

An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_readlink_reply.
View CVE Details

Affected Products
Siemens Ruggedcom Rox

Vendor:Siemens
Product Version:RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000
Product Status:known_affected


Remediations
Vendor fixUpdate to V2.17.1 or later versionhttps://support.industry.siemens.com/cs/ww/en/view/110002017/

Relevant CWE: CWE-787 Out-of-bounds Write

Metrics




CVSS Version
Base Score
Base Severity
Vector String




3.1
9.8
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H







CVE-2019-14203

An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_mount_reply.
View CVE Details

Affected Products
Siemens Ruggedcom Rox

Vendor:Siemens
Product Version:RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000
Product Status:known_affected


Remediations
Vendor fixUpdate to V2.17.1 or later versionhttps://support.industry.siemens.com/cs/ww/en/view/110002017/

Relevant CWE: CWE-787 Out-of-bounds Write

Metrics




CVSS Version
Base Score
Base Severity
Vector String




3.1
9.8
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H







CVE-2019-14204

An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_umountall_reply.
View CVE Details

Affected Products
Siemens Ruggedcom Rox

Vendor:Siemens
Product Version:RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000
Product Status:known_affected


Remediations
Vendor fixUpdate to V2.17.1 or later versionhttps://support.industry.siemens.com/cs/ww/en/view/110002017/

Relevant CWE: CWE-787 Out-of-bounds Write

Metrics




CVSS Version
Base Score
Base Severity
Vector String




3.1
9.8
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H







CVE-2020-10648

Das U-Boot through 2020.01 allows attackers to bypass verified boot restrictions and subsequently boot arbitrary images by providing a crafted FIT image to a system configured to boot the default configuration.
View CVE Details

Affected Products
Siemens Ruggedcom Rox

Vendor:Siemens
Product Version:RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000
Product Status:known_affected


Remediations
Vendor fixUpdate to V2.17.1 or later versionhttps://support.industry.siemens.com/cs/ww/en/view/110002017/

Relevant CWE: CWE-20 Improper Input Validation

Metrics




CVSS Version
Base Score
Base Severity
Vector String




3.1
7.8
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H







CVE-2022-2347

There exists an unchecked length field in UBoot. The U-Boot DFU implementation does not bound the length field in USB DFU download setup packets, and it does not verify that the transfer direction corresponds to the specified command. Consequently, if a physical attacker crafts a USB DFU download setup packet with a `wLength` greater than 4096 bytes, they can write beyond the heap-allocated request buffer.
View CVE Details

Affected Products
Siemens Ruggedcom Rox

Vendor:Siemens
Product Version:RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000
Product Status:known_affected


Remediations
Vendor fixUpdate to V2.17.1 or later versionhttps://support.industry.siemens.com/cs/ww/en/view/110002017/

Relevant CWE: CWE-122 Heap-based Buffer Overflow

Metrics




CVSS Version
Base Score
Base Severity
Vector String




3.1
7.7
HIGH
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H







CVE-2022-30552

Das U-Boot 2022.01 has a Buffer Overflow.
View CVE Details

Affected Products
Siemens Ruggedcom Rox

Vendor:Siemens
Product Version:RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000
Product Status:known_affected


Remediations
Vendor fixUpdate to V2.17.1 or later versionhttps://support.industry.siemens.com/cs/ww/en/view/110002017/

Relevant CWE: CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Metrics




CVSS Version
Base Score
Base Severity
Vector String




3.1
5.5
MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H







CVE-2022-30790

Das U-Boot 2022.01 has a Buffer Overflow, a different issue than CVE-2022-30552.
View CVE Details

Affected Products
Siemens Ruggedcom Rox

Vendor:Siemens
Product Version:RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000
Product Status:known_affected


Remediations
Vendor fixUpdate to V2.17.1 or later versionhttps://support.industry.siemens.com/cs/ww/en/view/110002017/

Relevant CWE: CWE-787 Out-of-bounds Write

Metrics




CVSS Version
Base Score
Base Severity
Vector String




3.1
7.8
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H







CVE-2022-34835

In Das U-Boot through 2022.07-rc5, an integer signedness error and resultant stack-based buffer overflow in the "i2c md" command enables the corruption of the return address pointer of the do_i2c_md function.
View CVE Details

Affected Products
Siemens Ruggedcom Rox

Vendor:Siemens
Product Version:RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000
Product Status:known_affected


Remediations
Vendor fixUpdate to V2.17.1 or later versionhttps://support.industry.siemens.com/cs/ww/en/view/110002017/

Relevant CWE: CWE-787 Out-of-bounds Write

Metrics




CVSS Version
Base Score
Base Severity
Vector String




3.1
9.8
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H







CVE-2023-3019

A DMA reentrancy issue leading to a use-after-free error was found in the e1000e NIC emulation code in QEMU. This issue could allow a privileged guest user to crash the QEMU process on the host, resulting in a denial of service.
View CVE Details

Affected Products
Siemens Ruggedcom Rox

Vendor:Siemens
Product Version:RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000
Product Status:known_affected


Remediations
Vendor fixUpdate to V2.17.1 or later versionhttps://support.industry.siemens.com/cs/ww/en/view/110002017/

Relevant CWE: CWE-416 Use After Free

Metrics




CVSS Version
Base Score
Base Severity
Vector String




3.1
6
MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H







CVE-2023-27043

The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.
View CVE Details

Affected Products
Siemens Ruggedcom Rox

Vendor:Siemens
Product Version:RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000
Product Status:known_affected


Remediations
Vendor fixUpdate to V2.17.1 or later versionhttps://support.industry.siemens.com/cs/ww/en/view/110002017/

Relevant CWE: CWE-1286 Improper Validation of Syntactic Correctness of Input

Metrics




CVSS Version
Base Score
Base Severity
Vector String




3.1
5.3
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N







CVE-2024-3447

A heap-based buffer overflow was found in the SDHCI device emulation of QEMU. The bug is triggered when both `s->data_count` and the size of `s->fifo_buffer` are set to 0x200, leading to an out-of-bound access. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.
View CVE Details

Affected Products
Siemens Ruggedcom Rox

Vendor:Siemens
Product Version:RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000
Product Status:known_affected


Remediations
Vendor fixUpdate to V2.17.1 or later versionhttps://support.industry.siemens.com/cs/ww/en/view/110002017/

Relevant CWE: CWE-122 Heap-based Buffer Overflow

Metrics




CVSS Version
Base Score
Base Severity
Vector String




3.1
6
MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H







CVE-2024-22365

linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.
View CVE Details

Affected Products
Siemens Ruggedcom Rox

Vendor:Siemens
Product Version:RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000
Product Status:known_affected


Remediations
Vendor fixUpdate to V2.17.1 or later versionhttps://support.industry.siemens.com/cs/ww/en/view/110002017/

Relevant CWE: CWE-664 Improper Control of a Resource Through its Lifetime

Metrics




CVSS Version
Base Score
Base Severity
Vector String




3.1
5.5
MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H







CVE-2024-57256

An integer overflow in ext4fs_read_symlink in Das U-Boot before 2025.01-rc1 occurs for zalloc (adding one to an le32 variable) via a crafted ext4 filesystem with an inode size of 0xffffffff, resulting in a malloc of zero and resultant memory overwrite.
View CVE Details

Affected Products
Siemens Ruggedcom Rox

Vendor:Siemens
Product Version:RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000
Product Status:known_affected


Remediations
Vendor fixUpdate to V2.17.1 or later versionhttps://support.industry.siemens.com/cs/ww/en/view/110002017/

Relevant CWE: CWE-190 Integer Overflow or Wraparound

Metrics




CVSS Version
Base Score
Base Severity
Vector String




3.1
7.1
HIGH
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H







CVE-2024-57258

Integer overflows in memory allocation in Das U-Boot before 2025.01-rc1 occur for a crafted squashfs filesystem via sbrk, via request2size, or because ptrdiff_t is mishandled on x86_64.
View CVE Details

Affected Products
Siemens Ruggedcom Rox

Vendor:Siemens
Product Version:RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000
Product Status:known_affected


Remediations
Vendor fixUpdate to V2.17.1 or later versionhttps://support.industry.siemens.com/cs/ww/en/view/110002017/

Relevant CWE: CWE-190 Integer Overflow or Wraparound

Metrics




CVSS Version
Base Score
Base Severity
Vector String




3.1
7.1
HIGH
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H







CVE-2025-0395

When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.
View CVE Details

Affected Products
Siemens Ruggedcom Rox

Vendor:Siemens
Product Version:RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000
Product Status:known_affected


Remediations
Vendor fixUpdate to V2.17.1 or later versionhttps://support.industry.siemens.com/cs/ww/en/view/110002017/

Relevant CWE: CWE-131 Incorrect Calculation of Buffer Size

Metrics




CVSS Version
Base Score
Base Severity
Vector String




3.1
6.2
MEDIUM
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H







CVE-2025-3576

A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.
View CVE Details

Affected Products
Siemens Ruggedcom Rox

Vendor:Siemens
Product Version:RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000
Product Status:known_affected


Remediations
Vendor fixUpdate to V2.17.1 or later versionhttps://support.industry.siemens.com/cs/ww/en/view/110002017/

Relevant CWE: CWE-328 Use of Weak Hash

Metrics




CVSS Version
Base Score
Base Severity
Vector String




3.1
5.9
MEDIUM
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N







CVE-2025-6020

A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.
View CVE Details

Affected Products
Siemens Ruggedcom Rox

Vendor:Siemens
Product Version:RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000
Product Status:known_affected


Remediations
Vendor fixUpdate to V2.17.1 or later versionhttps://support.industry.siemens.com/cs/ww/en/view/110002017/

Relevant CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Metrics




CVSS Version
Base Score
Base Severity
Vector String




3.1
7.8
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H







CVE-2025-7425

A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.
View CVE Details

Affected Products
Siemens Ruggedcom Rox

Vendor:Siemens
Product Version:RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000
Product Status:known_affected


Remediations
Vendor fixUpdate to V2.17.1 or later versionhttps://support.industry.siemens.com/cs/ww/en/view/110002017/

Relevant CWE: CWE-416 Use After Free

Metrics




CVSS Version
Base Score
Base Severity
Vector String




3.1
7.8
HIGH
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H







CVE-2025-9714

Uncontrolled recursion inÿXPath evaluationÿin libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.
View CVE Details

Affected Products
Siemens Ruggedcom Rox

Vendor:Siemens
Product Version:RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000
Product Status:known_affected


Remediations
Vendor fixUpdate to V2.17.1 or later versionhttps://support.industry.siemens.com/cs/ww/en/view/110002017/

Relevant CWE: CWE-674 Uncontrolled Recursion

Metrics




CVSS Version
Base Score
Base Severity
Vector String




3.1
6.2
MEDIUM
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H







CVE-2025-46836

net-tools is a collection of programs that form the base set of the NET-3 networking distribution for the Linux operating system. Inn versions up to and including 2.10, the Linux network utilities (like ifconfig) from the net-tools package do not properly validate the structure of /proc files when showing interfaces. `get_name()` in `interface.c` copies interface labels from `/proc/net/dev` into a fixed 16-byte stack buffer without bounds checking, leading to possible arbitrary code execution or crash. The known attack path does not require privilege but also does not provide privilege escalation in this scenario. A patch is available and expected to be part of version 2.20.
View CVE Details

Affected Products
Siemens Ruggedcom Rox

Vendor:Siemens
Product Version:RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000
Product Status:known_affected


Remediations
Vendor fixUpdate to V2.17.1 or later versionhttps://support.industry.siemens.com/cs/ww/en/view/110002017/

Relevant CWE: CWE-121 Stack-based Buffer Overflow

Metrics




CVSS Version
Base Score
Base Severity
Vector String




3.1
6.6
MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H







CVE-2025-49794

A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's crash using libxml or other possible undefined behaviors.
View CVE Details

Affected Products
Siemens Ruggedcom Rox

Vendor:Siemens
Product Version:RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000
Product Status:known_affected


Remediations
Vendor fixUpdate to V2.17.1 or later versionhttps://support.industry.siemens.com/cs/ww/en/view/110002017/

Relevant CWE: CWE-825 Expired Pointer Dereference

Metrics




CVSS Version
Base Score
Base Severity
Vector String




3.1
9.1
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H







CVE-2025-49796

A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.
View CVE Details

Affected Products
Siemens Ruggedcom Rox

Vendor:Siemens
Product Version:RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000
Product Status:known_affected


Remediations
Vendor fixUpdate to V2.17.1 or later versionhttps://support.industry.siemens.com/cs/ww/en/view/110002017/

Relevant CWE: CWE-125 Out-of-bounds Read

Metrics




CVSS Version
Base Score
Base Severity
Vector String




3.1
9.1
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H








Acknowledgments

Siemens ProductCERT reported these vulnerabilities to CISA.


General Recommendations
As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity

Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories

Terms of Use
The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.

Legal Notice and Terms of Use
This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).

Recommended Practices
CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.
Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.
Locate control system networks and remote devices behind firewalls and isolate them from business networks.
When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should
--- FMail-lnx 2.3.2.6-B20251227
* Origin: TCOB1 A Mail Only System (2:263/1)

Siemens Ruggedcom Rox

View CSAF
Summary
Ruggedcom Rox contains an input validation vulnerability in the feature key installation process that could allow an authenticated remote attacker to execute arbitrary commands with root privileges on the underlying operating system. Siemens has released new versions for the affected products and recommends to update to the latest versions.
The following versions of Siemens Ruggedcom Rox are affected:

RUGGEDCOM ROX MX5000 vers:intdot/<2.17.1
RUGGEDCOM ROX MX5000RE vers:intdot/<2.17.1ÿ
RUGGEDCOM ROX RX1400 vers:intdot/<2.17.1ÿ
RUGGEDCOM ROX RX1500 vers:intdot/<2.17.1ÿ
RUGGEDCOM ROX RX1501 vers:intdot/<2.17.1ÿ
RUGGEDCOM ROX RX1510 vers:intdot/<2.17.1ÿ
RUGGEDCOM ROX RX1511 vers:intdot/<2.17.1ÿ
RUGGEDCOM ROX RX1512 vers:intdot/<2.17.1ÿ
RUGGEDCOM ROX RX1524 vers:intdot/<2.17.1ÿ
RUGGEDCOM ROX RX1536 vers:intdot/<2.17.1ÿ
RUGGEDCOM ROX RX5000 vers:intdot/<2.17.1ÿ





CVSS
Vendor
Equipment
Vulnerabilities




v3 7.5
Siemens
Siemens Ruggedcom Rox
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')




Background

Critical Infrastructure Sectors: Critical Manufacturing
Countries/Areas Deployed: Worldwide
Company Headquarters Location: Germany


Vulnerabilities

Expand All +

CVE-2025-40947

Affected devices do not properly sanitize user-supplied input during the feature key installation process. This could allow an authenticated remote attacker to inject arbitrary commands, resulting in remote code execution with root privileges on the underlying operating system.
View CVE Details

Affected Products
Siemens Ruggedcom Rox

Vendor:Siemens
Product Version:RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000
Product Status:known_affected


Remediations
Vendor fixUpdate to V2.17.1 or later versionhttps://support.industry.siemens.com/cs/ww/en/view/110002017/

Relevant CWE: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Metrics




CVSS Version
Base Score
Base Severity
Vector String




3.1
7.5
HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H








Acknowledgments

Emmanuel Zhou, Rick Wyble, Mehemt Balta, and Adam Robbie of Palo Alto Networks OT Threat Research Lab reported this vulnerability to Siemens.
Siemens ProductCERT reported this vulnerability to CISA.


General Recommendations
As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity

Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories

Terms of Use
The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.

Legal Notice and Terms of Use
This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).

Recommended Practices
CISA recommends users take defensive measures to minimize the exploitation risk of these vulnerabilities.
Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.
Locate control system networks and remote devices behind firewalls and isolate them from business networks.
When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

Advisory Conversion Disclaimer
This ICSA is a verbatim republication of Siemens ProductCERT SSA-078743 from a direct conversion of the vendor's Common Security Advisory Framework (CSAF) advisory. This is republished to CISA's website as a means of increasing visibility and is provided "as-is" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Siemens ProductCERT directly for any questions regarding this advisory.
Revision History

Initial Release Date: 2026-05-12




Date
Revision
Summary




2026-05-12
1
Publication Date


2026-05-14
2
Initial CISA Republication of Siemens ProductCERT SSA-078743 advisory




Legal Notice and Terms of Use

https://www.cisa.gov/news-events/ics-advisories/icsa-26-134-11

2026-05-14 12:00 UTC
--- FMail-lnx 2.3.2.6-B20251227
* Origin: TCOB1 A Mail Only System (2:263/1)

Siemens Ruggedcom Rox

View CSAF
Summary
Ruggedcom Rox contains an improper access control vulnerability that could allow an authenticated remote attacker to read arbitrary files with root privileges from the underlying operating system's filesystem. Siemens has released new versions for the affected products and recommends to update to the latest versions.
The following versions of Siemens Ruggedcom Rox are affected:

RUGGEDCOM ROX MX5000 vers:intdot/<2.17.1
RUGGEDCOM ROX MX5000RE vers:intdot/<2.17.1ÿ
RUGGEDCOM ROX RX1400 vers:intdot/<2.17.1ÿ
RUGGEDCOM ROX RX1500 vers:intdot/<2.17.1ÿ
RUGGEDCOM ROX RX1501 vers:intdot/<2.17.1
RUGGEDCOM ROX RX1510 vers:intdot/<2.17.1ÿ
RUGGEDCOM ROX RX1511 vers:intdot/<2.17.1ÿ
RUGGEDCOM ROX RX1512 vers:intdot/<2.17.1ÿ
RUGGEDCOM ROX RX1524 vers:intdot/<2.17.1ÿ
RUGGEDCOM ROX RX1536 vers:intdot/<2.17.1ÿ
RUGGEDCOM ROX RX5000 vers:intdot/<2.17.1





CVSS
Vendor
Equipment
Vulnerabilities




v3 6.8
Siemens
Siemens Ruggedcom Rox
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')




Background

Critical Infrastructure Sectors: Critical Manufacturing
Countries/Areas Deployed: Worldwide
Company Headquarters Location: Germany


Vulnerabilities

Expand All +

CVE-2025-40948

Affected devices do not properly validate input in the web server's JSON-RPC interface. This could allow an authenticated remote attacker to read arbitrary files from the underlying operating system's filesystem with root privileges.
View CVE Details

Affected Products
Siemens Ruggedcom Rox

Vendor:Siemens
Product Version:RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000
Product Status:known_affected


Remediations
Vendor fixUpdate to V2.17.1 or later versionhttps://support.industry.siemens.com/cs/ww/en/view/110002017/

Relevant CWE: CWE-88 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

Metrics




CVSS Version
Base Score
Base Severity
Vector String




3.1
6.8
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N








Acknowledgments

Emmanuel Zhou, Rick Wyble, Mehemt Balta, and Adam Robbie of Palo Alto Networks OT Threat Research Lab reported this vulnerability.


General Recommendations
As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity

Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories

Terms of Use
The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.

Legal Notice and Terms of Use
This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).

Recommended Practices
CISA recommends users take defensive measures to minimize the exploitation risk of these vulnerabilities.
Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.
Locate control system networks and remote devices behind firewalls and isolate them from business networks.
When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

Advisory Conversion Disclaimer
This ICSA is a verbatim republication of Siemens ProductCERT SSA-973901 from a direct conversion of the vendor's Common Security Advisory Framework (CSAF) advisory. This is republished to CISA's website as a means of increasing visibility and is provided "as-is" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Siemens ProductCERT directly for any questions regarding this advisory.
Revision History

Initial Release Date: 2026-05-12




Date
Revision
Summary




2026-05-12
1
Publication Date


2026-05-14
2
Initial CISA Republication of Siemens ProductCERT SSA-973901 advisory




Legal Notice and Terms of Use

https://www.cisa.gov/news-events/ics-advisories/icsa-26-134-02

2026-05-14 12:00 UTC
--- FMail-lnx 2.3.2.6-B20251227
* Origin: TCOB1 A Mail Only System (2:263/1)