Description
A vulnerability has been identified in RUGGEDCOM RST2428P (6GK6242-6PA00) (All versions < V4.0). The affected application stores sensitive information in the browser cache when an authenticated user modifies specific configurations. This could allow an authenticated attacker to access sensitive data stored in the browser.
Published: 2026-06-02
Score: 5.9 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in Siemens RUGGEDCOM RST2428P causes sensitive configuration data to be stored in the browser cache after an authenticated user modifies certain settings. The vulnerability, classified as CWE-525, can lead to unauthorized access to confidential information if an attacker gains access to the browser environment. The attack requires user authentication, and the attacker must visit the device’s web interface while the data remains cached.

Affected Systems

RUGGEDCOM RST2428P (order number 6GK6242-6PA00) is affected in all versions earlier than V4.0.

Risk and Exploitability

The vulnerability carries a CVSS v4.0 score of 5.9 (5.7 under CVSS v3.1), indicating a moderate risk level. No EPSS value is available, and the issue is not listed in the CISA KEV catalogue. Exploitation requires legitimate credentials and a user who accesses the web interface after a configuration change, so the attack is authenticated and depends on user interaction; the CVSS vectors rate the attack vector as network (AV:N) with low privileges required (PR:L). The potential impact includes the inadvertent exposure of confidential data to anyone who can control or read the local browser cache.

Generated by OpenCVE AI on June 2, 2026 at 15:38 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest firmware release (v4.0 or newer) to eliminate the cache storage flaw.
  • If a firmware update is not immediately possible, configure the device to disable caching of configuration pages or enforce mandatory cache clearing after each session.
  • Limit user access privileges and enforce strong authentication to reduce the likelihood that an attacker can log in and exploit the vulnerability.



Advisories

No advisories yet.

History

Tue, 02 Jun 2026 16:30:00 +0000

Values Removed: none
Values Added:
  Metrics: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 02 Jun 2026 16:00:00 +0000

Values Removed: none
Values Added:
  Title: Sensitive Information Stored in Browser Cache on RUGGEDCOM RST2428P
  First Time appeared: Siemens; Siemens ruggedcom Rst2428p
  Vendors & Products: Siemens; Siemens ruggedcom Rst2428p

Tue, 02 Jun 2026 14:15:00 +0000

Values Removed: none
Values Added:
  Description: A vulnerability has been identified in RUGGEDCOM RST2428P (6GK6242-6PA00) (All versions < V4.0). The affected application stores sensitive information in the browser cache when an authenticated user modifies specific configurations. This could allow an authenticated attacker to access sensitive data stored in the browser.
  Weaknesses: CWE-525
  References:
  Metrics: cvssV3_1 {'score': 5.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N'}
  Metrics: cvssV4_0 {'score': 5.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: siemens

Published:

Updated: 2026-06-02T14:13:54.567Z

Reserved: 2026-04-22T15:48:53.605Z

Link: CVE-2026-41918

Vulnrichment

Updated: 2026-06-02T14:13:49.943Z

NVD

Status: Deferred

Published: 2026-06-02T14:16:53.200

Modified: 2026-06-02T14:50:37.260

Link: CVE-2026-41918

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-02T15:45:06Z
