Lucene search
K

Siemens RUGGEDCOM RST2428P Insertion of Sensitive Information Into Sent Data (CVE-2025-66035)

🗓️ 18 Jun 2026 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 7 Views

CVE-2025-66035: Angular HttpClient protocol-relative URLs leak XSRF token to attacker domain.

Related
Refs
Code
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(505434);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/06/20");

  script_cve_id("CVE-2025-66035");

  script_name(english:"Siemens RUGGEDCOM RST2428P Insertion of Sensitive Information Into Sent Data (CVE-2025-66035)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"Angular is a development platform for building mobile and desktop web
applications using TypeScript/JavaScript and other languages. Prior to
versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage
via protocol-relative URLs in angular HTTP clients. The vulnerability
is a Credential Leak by App Logic that leads to the unauthorized
disclosure of the Cross-Site Request Forgery (XSRF) token to an
attacker-controlled domain. Angular's HttpClient has a built-in XSRF
protection mechanism that works by checking if a request URL starts
with a protocol (http:// or https://) to determine if it is cross-
origin. If the URL starts with protocol-relative URL (//), it is
incorrectly treated as a same-origin request, and the XSRF token is
automatically added to the X-XSRF-TOKEN header. This issue has been
patched in versions 19.2.16, 20.3.14, and 21.0.1. A workaround for
this issue involves avoiding using protocol-relative URLs (URLs
starting with //) in HttpClient requests. All backend communication
URLs should be hardcoded as relative paths (starting with a single /)
or fully qualified, trusted absolute URLs.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  script_set_attribute(attribute:"see_also", value:"https://cert-portal.siemens.com/productcert/html/ssa-253495.html");
  script_set_attribute(attribute:"see_also", value:"https://cert-portal.siemens.com/productcert/html/ssa-485750.html");
  script_set_attribute(attribute:"see_also", value:"https://support.industry.siemens.com/cs/ww/en/view/110002573/");
  script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss4_vector", value:"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N");
  script_set_attribute(attribute:"cvss4_threat_vector", value:"CVSS:4.0/E:U");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-66035");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(201);

  script_set_attribute(attribute:"vuln_publication_date", value:"2025/11/26");
  script_set_attribute(attribute:"patch_publication_date", value:"2026/03/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/06/18");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:ruggedcom_rst2428p_firmware");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Siemens");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/Siemens');

var asset = tenable_ot::assets::get(vendor:'Siemens');

var vuln_cpes = {
    "cpe:/o:siemens:ruggedcom_rst2428p_firmware" :
        {"family" : "RuggedCom", "orderNumbers" : ['6GK6242-6PA00'], "versionEndExcluding" : "4.0"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

20 Jun 2026 00:00Current
6.3Medium risk
Vulners AI Score6.3
CVSS 47.7
EPSS0.00572
SSVC
7