CVE-2025-40935

Description

A vulnerability has been identified in RUGGEDCOM RMC8388 V5.X (All versions < V5.10.1), RUGGEDCOM RS416Pv2 V5.X (All versions < V5.10.1), RUGGEDCOM RS416v2 V5.X (All versions < V5.10.1), RUGGEDCOM RS900 (32M) V5.X (All versions < V5.10.1), RUGGEDCOM RS900G (32M) V5.X (All versions < V5.10.1), RUGGEDCOM RSG2100 (32M) V5.X (All versions < V5.10.1), RUGGEDCOM RSG2100P (32M) V5.X (All versions < V5.10.1), RUGGEDCOM RSG2288 V5.X (All versions < V5.10.1), RUGGEDCOM RSG2300 V5.X (All versions < V5.10.1), RUGGEDCOM RSG2300P V5.X (All versions < V5.10.1), RUGGEDCOM RSG2488 V5.X (All versions < V5.10.1), RUGGEDCOM RSG907R (All versions < V5.10.1), RUGGEDCOM RSG908C (All versions < V5.10.1), RUGGEDCOM RSG909R (All versions < V5.10.1), RUGGEDCOM RSG910C (All versions < V5.10.1), RUGGEDCOM RSG920P V5.X (All versions < V5.10.1), RUGGEDCOM RSL910 (All versions < V5.10.1), RUGGEDCOM RST2228 (All versions < V5.10.1), RUGGEDCOM RST2228P (All versions < V5.10.1), RUGGEDCOM RST916C (All versions < V5.10.1), RUGGEDCOM RST916P (All versions < V5.10.1). Affected devices do not properly validate input during the TLS certificate upload process of the web service. This could allow an authenticated remote attacker to trigger a device crash and reboot, leading to a temporary Denial of Service on the device.

CVSS breakdown

Affected products

• Siemens / RUGGEDCOM RMC8388 V5.X0 – V5.10.1
• Siemens / RUGGEDCOM RS416Pv2 V5.X0 – V5.10.1
• Siemens / RUGGEDCOM RS416v2 V5.X0 – V5.10.1
• Siemens / RUGGEDCOM RS900 (32M) V5.X0 – V5.10.1
• Siemens / RUGGEDCOM RS900G (32M) V5.X0 – V5.10.1
• Siemens / RUGGEDCOM RSG2100 (32M) V5.X0 – V5.10.1
• Siemens / RUGGEDCOM RSG2100P (32M) V5.X0 – V5.10.1
• Siemens / RUGGEDCOM RSG2288 V5.X0 – V5.10.1
• Siemens / RUGGEDCOM RSG2300P V5.X0 – V5.10.1
• Siemens / RUGGEDCOM RSG2300 V5.X0 – V5.10.1
• Siemens / RUGGEDCOM RSG2488 V5.X0 – V5.10.1
• Siemens / RUGGEDCOM RSG907R0 – V5.10.1
• Siemens / RUGGEDCOM RSG908C0 – V5.10.1
• Siemens / RUGGEDCOM RSG909R0 – V5.10.1
• Siemens / RUGGEDCOM RSG910C0 – V5.10.1
• Siemens / RUGGEDCOM RSG920P V5.X0 – V5.10.1
• Siemens / RUGGEDCOM RSL9100 – V5.10.1
• Siemens / RUGGEDCOM RST22280 – V5.10.1
• Siemens / RUGGEDCOM RST2228P0 – V5.10.1
• Siemens / RUGGEDCOM RST916C0 – V5.10.1
• Siemens / RUGGEDCOM RST916P0 – V5.10.1

References

• MISChttps://cert-portal.siemens.com/productcert/html/ssa-763474.html