Description
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.1), RUGGEDCOM ROX MX5000RE (All versions < V2.17.1), RUGGEDCOM ROX RX1400 (All versions < V2.17.1), RUGGEDCOM ROX RX1500 (All versions < V2.17.1), RUGGEDCOM ROX RX1501 (All versions < V2.17.1), RUGGEDCOM ROX RX1510 (All versions < V2.17.1), RUGGEDCOM ROX RX1511 (All versions < V2.17.1), RUGGEDCOM ROX RX1512 (All versions < V2.17.1), RUGGEDCOM ROX RX1524 (All versions < V2.17.1), RUGGEDCOM ROX RX1536 (All versions < V2.17.1), RUGGEDCOM ROX RX5000 (All versions < V2.17.1). Affected devices do not properly sanitize user-supplied input in the Scheduler functionality of the Web UI, allowing commands to be injected into the task scheduling backend.

This could allow an authenticated remote attacker to execute arbitrary commands with root privileges on the underlying operating system.
Published: 2026-05-12
Score: 8.9 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The RUGGEDCOM ROX devices expose a command injection vulnerability within their web interface’s component. Because user‑supplied input is not properly sanitized, an authenticated attacker who can access the Scheduler can inject arbitrary operating system commands. This flaw is a type‑III command injection (CWE‑78) that, when exploited, allows the attacker to run commands with root privileges on the underlying operating system, compromising confidentiality, integrity, availability, and overall system control.

Affected Systems

Affected are Siemens RUGGEDCOM ROX devices, specifically the MX5000, MX5000RE, RX1400, RX1500–RX1501, RX1510–RX1512, RX1524, RX1536, and RX5000 models, all firmware versions prior to V2.17.1.

Risk and Exploitability

The flaw has a CVSS score of 8.9, indicating high severity, but EPSS is not available, and the vulnerability is not yet in the CISA KEV catalog. Given that it requires authenticated remote access via the web interface, the likelihood of exploitation in a targeted environment is significant. An attacker would need valid user credentials, but once authenticated can execute any command with root privileges.

Generated by OpenCVE AI on May 12, 2026 at 10:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the firmware to version V2.17.1 or newer on all affected RUGGEDCOM ROX devices.
  • Restrict access to the web user interface to trusted networks or enforce strong authentication methods to limit who can log in.
  • If the scheduler is not required for operations, disable or remove the scheduler feature from the device configuration.

Generated by OpenCVE AI on May 12, 2026 at 10:52 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 12 May 2026 11:15:00 +0000

Type Values Removed Values Added
Title Authenticated Remote Command Injection via Scheduler in RUGGEDCOM Web UI

Tue, 12 May 2026 11:00:00 +0000

Type Values Removed Values Added
First Time appeared Siemens
Siemens ruggedcom Rox Mx5000
Siemens ruggedcom Rox Mx5000re
Siemens ruggedcom Rox Rx1400
Siemens ruggedcom Rox Rx1500
Siemens ruggedcom Rox Rx1501
Siemens ruggedcom Rox Rx1510
Siemens ruggedcom Rox Rx1511
Siemens ruggedcom Rox Rx1512
Siemens ruggedcom Rox Rx1524
Siemens ruggedcom Rox Rx1536
Siemens ruggedcom Rox Rx5000
Vendors & Products Siemens
Siemens ruggedcom Rox Mx5000
Siemens ruggedcom Rox Mx5000re
Siemens ruggedcom Rox Rx1400
Siemens ruggedcom Rox Rx1500
Siemens ruggedcom Rox Rx1501
Siemens ruggedcom Rox Rx1510
Siemens ruggedcom Rox Rx1511
Siemens ruggedcom Rox Rx1512
Siemens ruggedcom Rox Rx1524
Siemens ruggedcom Rox Rx1536
Siemens ruggedcom Rox Rx5000

Tue, 12 May 2026 09:30:00 +0000

Type Values Removed Values Added
Description A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.1), RUGGEDCOM ROX MX5000RE (All versions < V2.17.1), RUGGEDCOM ROX RX1400 (All versions < V2.17.1), RUGGEDCOM ROX RX1500 (All versions < V2.17.1), RUGGEDCOM ROX RX1501 (All versions < V2.17.1), RUGGEDCOM ROX RX1510 (All versions < V2.17.1), RUGGEDCOM ROX RX1511 (All versions < V2.17.1), RUGGEDCOM ROX RX1512 (All versions < V2.17.1), RUGGEDCOM ROX RX1524 (All versions < V2.17.1), RUGGEDCOM ROX RX1536 (All versions < V2.17.1), RUGGEDCOM ROX RX5000 (All versions < V2.17.1). Affected devices do not properly sanitize user-supplied input in the Scheduler functionality of the Web UI, allowing commands to be injected into the task scheduling backend. This could allow an authenticated remote attacker to execute arbitrary commands with root privileges on the underlying operating system.
Weaknesses CWE-78
References
Metrics cvssV3_1

{'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H'}

cvssV4_0

{'score': 8.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H'}

Subscriptions

Siemens Ruggedcom Rox Mx5000 Ruggedcom Rox Mx5000re Ruggedcom Rox Rx1400 Ruggedcom Rox Rx1500 Ruggedcom Rox Rx1501 Ruggedcom Rox Rx1510 Ruggedcom Rox Rx1511 Ruggedcom Rox Rx1512 Ruggedcom Rox Rx1524 Ruggedcom Rox Rx1536 Ruggedcom Rox Rx5000
cve-icon MITRE

Status: PUBLISHED

Assigner: siemens

Published:

Updated: 2026-05-12T08:20:53.983Z

Reserved: 2025-04-16T09:06:15.880Z

Link: CVE-2025-40949

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-12T10:16:43.360

Modified: 2026-05-12T14:19:41.400

Link: CVE-2025-40949

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-12T11:00:07Z

Weaknesses