Access Control Vulnerability in RUGGEDCOM Network Devices by Siemens
CVE-2025-41224

7.7HIGH

Key Information:

Vendor: Siemens
Status: Ruggedcom Rmc8388 V5.x; Ruggedcom Rmc8388nc V5.x; Ruggedcom Rs416ncv2 V5.x; Ruggedcom Rs416pncv2 V5.x
Vendor: CVE Published:; 8 July 2025

What is CVE-2025-41224?

An access control vulnerability has been identified in multiple RUGGEDCOM devices from Siemens. The affected products fail to enforce proper access restrictions when transitioning from management to non-management interface configurations, leading to potential unauthorized access. This vulnerability can be exploited by attackers who have network access and proper credentials, allowing them to maintain SSH access to the device until a reboot occurs, posing a significant risk to network security.

Affected Version(s)

RUGGEDCOM RMC8388 V5.X 0

RUGGEDCOM RMC8388NC V5.X 0

RUGGEDCOM RS416NCv2 V5.X 0

References

https://cert-portal.siemens.com/productcert/html/ssa-0830...

CVSS V4

Score:

7.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 8, 2025
Vulnerability Reserved
Apr 16, 2025