EUVD-2025-209782

🗓️ 12 May 2026 12:32:13Reported by EUVDType

Authenticated command injection via Web UI scheduler on Ruggedcom devices versions below 2.17.1 enables root access.

Reporter	Title	Published	Views	Family All 11
ATTACKERKB	CVE-2025-40949	12 May 202608:20	–	attackerkb
Circl	CVE-2025-40949	12 May 202612:19	–	circl
CNNVD	Siemens多款产品操作系统命令注入漏洞	12 May 202600:00	–	cnnvd
CVE	CVE-2025-40949	12 May 202608:20	–	cve
Cvelist	CVE-2025-40949	12 May 202608:20	–	cvelist
ICS	Siemens Ruggedcom Rox	12 May 202600:00	–	ics
NCSC	Vulnerabilities present in Siemens products	13 May 202606:33	–	ncsc
NVD	CVE-2025-40949	12 May 202610:16	–	nvd
Positive Technologies	PT-2026-39981	12 May 202600:00	–	ptsecurity
RedhatCVE	CVE-2025-40949	13 May 202614:21	–	redhatcve

[
  {
    "enisaIdVendor": [
      {
        "id": "5ee6da7e-8418-353b-be6c-5cae7d5269f2",
        "vendor": {
          "name": "Siemens"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "0949fbb3-3db6-37ad-9a80-ca4f421f9e4d",
        "product": {
          "name": "RUGGEDCOM ROX MX5000RE"
        },
        "product_version": "0 <V2.17.1"
      },
      {
        "id": "13a13b39-02c4-32ab-8a75-e53c1daa8b78",
        "product": {
          "name": "RUGGEDCOM ROX RX1524"
        },
        "product_version": "0 <V2.17.1"
      },
      {
        "id": "34c9ef1d-74a1-3068-b9bb-072b392c529e",
        "product": {
          "name": "RUGGEDCOM ROX RX1400"
        },
        "product_version": "0 <V2.17.1"
      },
      {
        "id": "35d2df2a-6e22-30d2-992d-0f8b70fe60a1",
        "product": {
          "name": "RUGGEDCOM ROX RX1510"
        },
        "product_version": "0 <V2.17.1"
      },
      {
        "id": "798b89a2-7c57-37f7-a686-8ae6727aa268",
        "product": {
          "name": "RUGGEDCOM ROX RX1536"
        },
        "product_version": "0 <V2.17.1"
      },
      {
        "id": "7cdf16e6-122a-3159-af29-44ce99751592",
        "product": {
          "name": "RUGGEDCOM ROX MX5000"
        },
        "product_version": "0 <V2.17.1"
      },
      {
        "id": "b4e1fc3d-79a1-3e58-8ea6-95c3853e46f6",
        "product": {
          "name": "RUGGEDCOM ROX RX1501"
        },
        "product_version": "0 <V2.17.1"
      },
      {
        "id": "b6ddad56-ed8a-3a48-84eb-d807c2166c47",
        "product": {
          "name": "RUGGEDCOM ROX RX1511"
        },
        "product_version": "0 <V2.17.1"
      },
      {
        "id": "bac25a83-dd37-3f03-8413-a60a34ff9ebf",
        "product": {
          "name": "RUGGEDCOM ROX RX1512"
        },
        "product_version": "0 <V2.17.1"
      },
      {
        "id": "bde2d0b9-90a5-3312-a1b3-d02445ba4ee1",
        "product": {
          "name": "RUGGEDCOM ROX RX1500"
        },
        "product_version": "0 <V2.17.1"
      },
      {
        "id": "c065209c-85d6-36cf-8d52-682fd1fdc454",
        "product": {
          "name": "RUGGEDCOM ROX RX5000"
        },
        "product_version": "0 <V2.17.1"
      }
    ]
  }
]

Source	Link
cert-portal	www.cert-portal.siemens.com/productcert/html/ssa-081142.html
nvd	www.nvd.nist.gov/vuln/detail/CVE-2025-40949

12 May 2026 12:32Current

6.1Medium risk

Vulners AI Score6.1

CVSS 48.9

CVSS 3.19.1

EPSS0.00228