SSA-094954 — Vulnetix

SSA-094954 PUBLISHED CVSS 7.599999904632568 HIGH

RUGGEDCOM ROX II devices do not properly limit access through their Built-In-Self-Test (BIST) mode. This could allow a local attacker to bypass authentication and access a root shell on the device. Siemens is preparing fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.

Risk Scores

CVSS 3.1

7.599999904632568

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Affected Products

Vendor	Product	Versions
	RUGGEDCOM ROX RX1501
	RUGGEDCOM ROX RX5000
	RUGGEDCOM ROX MX5000RE
	RUGGEDCOM ROX RX1510
	RUGGEDCOM ROX RX1400
	RUGGEDCOM ROX RX1500
	RUGGEDCOM ROX MX5000
	RUGGEDCOM ROX RX1536
	RUGGEDCOM ROX RX1511
	RUGGEDCOM ROX RX1524
	RUGGEDCOM ROX RX1512

Exploit Intelligence

https://cert-portal.siemens.com/productcert/html/ssa-094954.html (circl)
https://cert-portal.siemens.com/productcert/csaf/ssa-094954.json (circl)

Timeline

Aug 12, 2025 CVE Published

References

https://cert-portal.siemens.com/productcert/html/ssa-094954.html advisory
https://cert-portal.siemens.com/productcert/csaf/ssa-094954.json advisory

Open in Interactive Console →