Access Control Vulnerability in RUGGEDCOM Network Devices by Siemens
CVE-2025-41224
7.7HIGH
Key Information:
- Vendor
Siemens
- Status
- Vendor
- CVE Published:
- 8 July 2025
What is CVE-2025-41224?
An access control vulnerability has been identified in multiple RUGGEDCOM devices from Siemens. The affected products fail to enforce proper access restrictions when transitioning from management to non-management interface configurations, leading to potential unauthorized access. This vulnerability can be exploited by attackers who have network access and proper credentials, allowing them to maintain SSH access to the device until a reboot occurs, posing a significant risk to network security.
Affected Version(s)
RUGGEDCOM RMC8388 V5.X 0
RUGGEDCOM RMC8388NC V5.X 0
RUGGEDCOM RS416NCv2 V5.X 0