Access Control Vulnerability in RUGGEDCOM Network Devices by Siemens
CVE-2025-41224

7.7 HIGH

What is CVE-2025-41224?

An access control vulnerability has been identified in multiple RUGGEDCOM devices from Siemens. The affected products fail to enforce proper access restrictions when transitioning from management to non-management interface configurations, leading to potential unauthorized access. This vulnerability can be exploited by attackers who have network access and proper credentials, allowing them to maintain SSH access to the device until a reboot occurs, posing a significant risk to network security.

Affected Version(s)

RUGGEDCOM RMC8388 V5.X 0

RUGGEDCOM RMC8388NC V5.X 0

RUGGEDCOM RS416NCv2 V5.X 0

CVSS V4

Score: 7.7
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Adjacent Network
Attack Complexity: Low
Attack Required: Physical
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
