Remote Code Execution Vulnerability in RUGGEDCOM Products by Siemens
CVE-2025-40947

7.7 HIGH

What is CVE-2025-40947?

RUGGEDCOM ROX MX5000 and related models do not adequately sanitize user-supplied input during the feature key installation process. An authenticated remote attacker can use this flaw to execute arbitrary commands, potentially achieving remote code execution with root privileges on the affected operating systems and compromising the device's integrity.

Affected Version(s)

RUGGEDCOM ROX MX5000 0

RUGGEDCOM ROX MX5000RE 0

RUGGEDCOM ROX RX1400 0

CVSS V4

Score: 7.7
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
