Full Report
Ruggedcom ROS devices contain a temporary denial of service vulnerability that could allow an attacker to crash and restart the device. Siemens has released new versions for the affected products and recommends updating to the latest versions.
Analysis Summary
# Vulnerability: Denial of Service in Ruggedcom ROS Devices via Improper TLS Certificate Input Validation
## CVE Details
- CVE ID: CVE-2025-40935
- CVSS Score: 4.3 (CVSS v3.1) / 5.3 (CVSS v4.0) (Low/Medium)
- CWE: CWE-20: Improper Input Validation
## Affected Systems
- Products: RUGGEDCOM ROS-based devices, including RMC8388, RS416Pv2, RS416v2, RS900 (32M), RS900G (32M), RSG2100 (32M), RSG2100P (32M), RSG2288, RSG2300, RSG2300P, RSG2488, RSG907R (All running RUGGEDCOM ROS V5.X family).
- Versions: All versions prior to V5.10.1.
- Configurations: Affects devices utilizing the web service for TLS certificate upload.
## Vulnerability Description
The vulnerability exists because affected Ruggedcom ROS devices do not properly validate input during the TLS certificate upload process of the web service. This flaw could allow an authenticated remote attacker to send specially crafted input, triggering a device crash and subsequent reboot, resulting in a temporary Denial of Service (DoS).
## Exploitation
- Status: The advisory does not provide enough detail to determine whether the vulnerability is actively exploited or whether a PoC is available. Based on the advisory language, it is assumed not to be exploited in the wild, but it can be triggered by an authenticated attacker.
- Complexity: Low (CVSS v3.1 AC:L implies Low Attack Complexity)
- Attack Vector: Network (CVSS v3.1 AV:N)
## Impact
- Confidentiality: No Impact (C:N)
- Integrity: No Impact (I:N)
- Availability: **Low Impact** (A:L) - Leads to a device crash and temporary restart (Denial of Service).
## Remediation
### Patches
- Update to **V5.10.1 or a later version** for all affected RUGGEDCOM ROS V5.X products. (Reference link for update: hXXps://support.industry.siemens.com/cs/ww/en/view/109997649/)
### Workarounds
- Protect network access to the devices using appropriate mechanisms.
- Configure the environment according to Siemens' operational guidelines for Industrial Security (hXXps://www.siemens.com/cert/operational-guidelines-industrial-security).
- Follow the recommendations in the product manuals.
## Detection
- **Indicators of Compromise:** Unexpected device reboots or crashes, compared against known maintenance windows, or coinciding with suspicious network activity targeting the web/management interface.
- **Detection methods and tools:** Network monitoring to detect anomalous traffic directed towards the device's web management interface, particularly file uploads, if feasible to differentiate traffic flows.
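
The correlation described in the two items above, as an added example that is not part of the vendor advisory: it classifies each device restart as planned, following an upload-sized POST to the web interface, or unexplained. The log layouts, host names, addresses and the five-minute window are constructed assumptions (not ROS output), and it assumes web requests are logged by a management proxy or jump host in front of the devices.

```python
from datetime import datetime, timedelta

# Constructed sample data; every field layout below is an assumption.
# Web-management requests: time, source IP, device, method, request body bytes
WEB_EVENTS = """\
2025-01-10T02:14:07Z 10.0.5.23 sw-01 POST 18432
2025-01-10T09:30:00Z 10.0.1.10 sw-02 GET 0
2025-01-11T03:00:10Z 10.0.1.10 sw-03 POST 2048
"""
# Device restarts from a syslog collector or uptime poll: time, device
REBOOTS = """\
2025-01-10T02:14:52Z sw-01
2025-01-11T03:01:00Z sw-03
2025-01-12T14:00:00Z sw-02
"""
# Planned maintenance windows: device, start, end
MAINTENANCE = """\
sw-03 2025-01-11T02:30:00Z 2025-01-11T04:00:00Z
"""

def ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")

def rows(text):
    return [line.split() for line in text.splitlines() if line.strip()]

def classify_reboots(web=WEB_EVENTS, reboots=REBOOTS, maintenance=MAINTENANCE,
                     window=timedelta(minutes=5)):
    """Return (device, reboot time, label, sources) for every restart."""
    # Only requests that carried a body can be uploads.
    posts = [(ts(t), src, dev) for t, src, dev, method, size in rows(web)
             if method == "POST" and int(size) > 0]
    planned = [(dev, ts(a), ts(b)) for dev, a, b in rows(maintenance)]
    findings = []
    for t, dev in rows(reboots):
        when = ts(t)
        # Restarts inside a maintenance window are expected, not indicators.
        if any(d == dev and a <= when <= b for d, a, b in planned):
            findings.append((dev, t, "planned", []))
            continue
        # Sources that posted to this device shortly before it restarted.
        sources = sorted({src for pt, src, pdev in posts
                          if pdev == dev and timedelta(0) <= when - pt <= window})
        label = "reboot-after-upload" if sources else "unexplained"
        findings.append((dev, t, label, sources))
    return findings

if __name__ == "__main__":
    for finding in classify_reboots():
        print(*finding)
```
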
## References
- Vendor Advisory SSA-763474: hXXps://cert-portal.siemens.com/productcert/html/ssa-763474.html
- Siemens Industrial Security Information: hXXps://www.siemens.com/industrialsecurity