Authorization Flaw in RUGGEDCOM and SCALANCE Products by Siemens
CVE-2025-40567

7.1 HIGH

What is CVE-2025-40567?

A vulnerability exists in the web interface of Siemens RUGGEDCOM and SCALANCE products: the 'Load Rollback' functionality performs insufficient authorization checks. The flaw allows a remote attacker holding only the 'guest' role to trigger rollback actions, potentially reverting configuration changes made by privileged users. Because it lets a low-privilege account alter device configuration, the issue matters for the integrity of network device settings and overall security.

Affected Version(s)

RUGGEDCOM RST2428P 0

SCALANCE XC316-8 0

SCALANCE XC324-4 0

CVSS V4

Score: 7.1
Severity: HIGH
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Requirements: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published
  • Vulnerability Reserved