CVE-2025-40949

🗓️ 12 May 2026 08:20:53Reported by siemensType

Authenticated attacker can inject commands via Scheduler in the Web UI to gain root on Ruggedcom devices.

Reporter	Title	Published	Views	Family All 11
ATTACKERKB	CVE-2025-40949	12 May 202608:20	–	attackerkb
Circl	CVE-2025-40949	12 May 202612:19	–	circl
CNNVD	Siemens多款产品操作系统命令注入漏洞	12 May 202600:00	–	cnnvd
CVE	CVE-2025-40949	12 May 202608:20	–	cve
EUVD	EUVD-2025-209782	12 May 202612:32	–	euvd
ICS	Siemens Ruggedcom Rox	12 May 202600:00	–	ics
NCSC	Vulnerabilities present in Siemens products	13 May 202606:33	–	ncsc
NVD	CVE-2025-40949	12 May 202610:16	–	nvd
Positive Technologies	PT-2026-39981	12 May 202600:00	–	ptsecurity
RedhatCVE	CVE-2025-40949	13 May 202614:21	–	redhatcve

[
  {
    "vendor": "Siemens",
    "product": "RUGGEDCOM ROX MX5000",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V2.17.1",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "RUGGEDCOM ROX MX5000RE",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V2.17.1",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "RUGGEDCOM ROX RX1400",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V2.17.1",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "RUGGEDCOM ROX RX1500",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V2.17.1",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "RUGGEDCOM ROX RX1501",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V2.17.1",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "RUGGEDCOM ROX RX1510",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V2.17.1",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "RUGGEDCOM ROX RX1511",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V2.17.1",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "RUGGEDCOM ROX RX1512",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V2.17.1",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "RUGGEDCOM ROX RX1524",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V2.17.1",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "RUGGEDCOM ROX RX1536",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V2.17.1",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "RUGGEDCOM ROX RX5000",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V2.17.1",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  }
]

Source	Link
cert-portal	www.cert-portal.siemens.com/productcert/html/ssa-081142.html

12 May 2026 08:20Current

CVSS 48.9

CVSS 3.19.1

EPSS0.00228

CWE-78