CVE-2025-40935
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Summary
A vulnerability has been identified in RUGGEDCOM RMC8388 V5.X (All versions < V5.10.1), RUGGEDCOM RS416Pv2 V5.X (All versions < V5.10.1), RUGGEDCOM RS416v2 V5.X (All versions < V5.10.1), RUGGEDCOM RS900 (32M) V5.X (All versions < V5.10.1), RUGGEDCOM RS900G (32M) V5.X (All versions < V5.10.1), RUGGEDCOM RSG2100 (32M) V5.X (All versions < V5.10.1), RUGGEDCOM RSG2100P (32M) V5.X (All versions < V5.10.1), RUGGEDCOM RSG2288 V5.X (All versions < V5.10.1), RUGGEDCOM RSG2300 V5.X (All versions < V5.10.1), RUGGEDCOM RSG2300P V5.X (All versions < V5.10.1), RUGGEDCOM RSG2488 V5.X (All versions < V5.10.1), RUGGEDCOM RSG907R (All versions < V5.10.1), RUGGEDCOM RSG908C (All versions < V5.10.1), RUGGEDCOM RSG909R (All versions < V5.10.1), RUGGEDCOM RSG910C (All versions < V5.10.1), RUGGEDCOM RSG920P V5.X (All versions < V5.10.1), RUGGEDCOM RSL910 (All versions < V5.10.1), RUGGEDCOM RST2228 (All versions < V5.10.1), RUGGEDCOM RST2228P (All versions < V5.10.1), RUGGEDCOM RST916C (All versions < V5.10.1), RUGGEDCOM RST916P (All versions < V5.10.1). Affected devices do not properly validate input during the TLS certificate upload process of the web service. This could allow an authenticated remote attacker to trigger a device crash and reboot, leading to a temporary Denial of Service on the device.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Siemens | RUGGEDCOM RMC8388 V5.X | 0 < V5.10.1 | affected |
| Siemens | RUGGEDCOM RS416Pv2 V5.X | 0 < V5.10.1 | affected |
| Siemens | RUGGEDCOM RS416v2 V5.X | 0 < V5.10.1 | affected |
| Siemens | RUGGEDCOM RS900 (32M) V5.X | 0 < V5.10.1 | affected |
| Siemens | RUGGEDCOM RS900G (32M) V5.X | 0 < V5.10.1 | affected |
| Siemens | RUGGEDCOM RSG2100 (32M) V5.X | 0 < V5.10.1 | affected |
| Siemens | RUGGEDCOM RSG2100P (32M) V5.X | 0 < V5.10.1 | affected |
| Siemens | RUGGEDCOM RSG2288 V5.X | 0 < V5.10.1 | affected |
| Siemens | RUGGEDCOM RSG2300 V5.X | 0 < V5.10.1 | affected |
| Siemens | RUGGEDCOM RSG2300P V5.X | 0 < V5.10.1 | affected |
| Siemens | RUGGEDCOM RSG2488 V5.X | 0 < V5.10.1 | affected |
| Siemens | RUGGEDCOM RSG907R | 0 < V5.10.1 | affected |
| Siemens | RUGGEDCOM RSG908C | 0 < V5.10.1 | affected |
| Siemens | RUGGEDCOM RSG909R | 0 < V5.10.1 | affected |
| Siemens | RUGGEDCOM RSG910C | 0 < V5.10.1 | affected |
| Siemens | RUGGEDCOM RSG920P V5.X | 0 < V5.10.1 | affected |
| Siemens | RUGGEDCOM RSL910 | 0 < V5.10.1 | affected |
| Siemens | RUGGEDCOM RST2228 | 0 < V5.10.1 | affected |
| Siemens | RUGGEDCOM RST2228P | 0 < V5.10.1 | affected |
| Siemens | RUGGEDCOM RST916C | 0 < V5.10.1 | affected |
| Siemens | RUGGEDCOM RST916P | 0 < V5.10.1 | affected |
Weaknesses
- CWE-20: CWE-20: Improper Input Validation
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.