CVE-2025-40947

🗓️ 12 May 2026 08:20:51Reported by siemensType

Authenticated attacker can inject commands during feature key install, enabling root code execution.

Reporter	Title	Published	Views	Family All 11
ATTACKERKB	CVE-2025-40947	12 May 202608:20	–	attackerkb
Circl	CVE-2025-40947	12 May 202611:11	–	circl
CNNVD	Siemens RUGGEDCOM 操作系统命令注入漏洞	12 May 202600:00	–	cnnvd
Cvelist	CVE-2025-40947	12 May 202608:20	–	cvelist
EUVD	EUVD-2025-209780	12 May 202612:32	–	euvd
ICS	Siemens Ruggedcom Rox	12 May 202600:00	–	ics
NCSC	Vulnerabilities present in Siemens products	13 May 202606:33	–	ncsc
NVD	CVE-2025-40947	12 May 202610:16	–	nvd
Positive Technologies	PT-2026-39980	12 May 202600:00	–	ptsecurity
RedhatCVE	CVE-2025-40947	5 Jun 202619:31	–	redhatcve

[
  {
    "vendor": "Siemens",
    "product": "RUGGEDCOM ROX MX5000",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V2.17.1",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "RUGGEDCOM ROX MX5000RE",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V2.17.1",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "RUGGEDCOM ROX RX1400",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V2.17.1",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "RUGGEDCOM ROX RX1500",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V2.17.1",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "RUGGEDCOM ROX RX1501",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V2.17.1",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "RUGGEDCOM ROX RX1510",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V2.17.1",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "RUGGEDCOM ROX RX1511",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V2.17.1",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "RUGGEDCOM ROX RX1512",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V2.17.1",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "RUGGEDCOM ROX RX1524",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V2.17.1",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "RUGGEDCOM ROX RX1536",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V2.17.1",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "RUGGEDCOM ROX RX5000",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V2.17.1",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  }
]

Source	Link
cert-portal	www.cert-portal.siemens.com/productcert/html/ssa-078743.html

12 May 2026 14:19Current

6.5Medium risk

Vulners AI Score6.5

CVSS 3.17.5

CVSS 47.7

EPSS0.00256

SSVC

CWE-78