Description
A vulnerability has been identified in ROS# (All versions < V2.2.2). Affected versions contain a path traversal vulnerability because user input is not properly sanitized.
This could allow a remote attacker to access arbitrary files on the device.
Published: 2026-05-12
Score: 9.3 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability in Siemens ROS# allows a remote attacker to read arbitrary files on a device by exploiting a path traversal flaw. Because the application fails to sanitize user input, an attacker can specify directory traversal sequences to access files outside the intended directory. Reading sensitive files could lead to disclosure or further compromise of system integrity.

Affected Systems

Siemens ROS# versions earlier than 2.2.2 are impacted. The flaw exists in all releases prior to this version; no specific sub‑products are listed beyond ROS#.

Risk and Exploitability

The CVSS score of 9.3 classifies this as a critical vulnerability, and the lack of an EPSS rating indicates no current exploitation data but a high theoretical risk. As the issue is not listed in the CISA KEV catalog, it may not yet be widely exploited, but the remote file read capability allows attackers to discover credentials or privileged data. The attacker would need network access to the device and ability to provide crafted input to the vulnerable interface.

Generated by OpenCVE AI on May 12, 2026 at 10:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply an update that upgrades ROS# to version 2.2.2 or later.
  • If an update cannot be applied immediately, isolate the device by restricting external network access or placing it behind a firewall that blocks untrusted input to the vulnerable interface.
  • Implement network segmentation or a host‑based firewall to ensure that only trusted users can reach the ROS# services, limiting exposure to potential exploitation.

Generated by OpenCVE AI on May 12, 2026 at 10:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 12 May 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 12 May 2026 12:45:00 +0000

Type Values Removed Values Added
First Time appeared Siemens
Siemens ros
Vendors & Products Siemens
Siemens ros

Tue, 12 May 2026 10:45:00 +0000

Type Values Removed Values Added
Title Path Traversal Allowing Remote File Read in Siemens ROS#

Tue, 12 May 2026 09:30:00 +0000

Type Values Removed Values Added
Description A vulnerability has been identified in ROS# (All versions < V2.2.2). Affected versions contain a path traversal vulnerability because user input is not properly sanitized. This could allow a remote attacker to access arbitrary files on the device.
Weaknesses CWE-23
References
Metrics cvssV3_1

{'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N'}

cvssV4_0

{'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

Siemens Ros
cve-icon MITRE

Status: PUBLISHED

Assigner: siemens

Published:

Updated: 2026-05-12T12:40:31.662Z

Reserved: 2026-04-21T08:01:09.876Z

Link: CVE-2026-41551

cve-icon Vulnrichment

Updated: 2026-05-12T12:40:27.082Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-12T10:16:46.277

Modified: 2026-05-12T14:19:41.400

Link: CVE-2026-41551

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-12T12:30:15Z

Weaknesses