CVE-2025-40947: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in Siemens RUGGEDCOM ROX MX5000
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.1), RUGGEDCOM ROX MX5000RE (All versions < V2.17.1), RUGGEDCOM ROX RX1400 (All versions < V2.17.1), RUGGEDCOM ROX RX1500 (All versions < V2.17.1), RUGGEDCOM ROX RX1501 (All versions < V2.17.1), RUGGEDCOM ROX RX1510 (All versions < V2.17.1), RUGGEDCOM ROX RX1511 (All versions < V2.17.1), RUGGEDCOM ROX RX1512 (All versions < V2.17.1), RUGGEDCOM ROX RX1524 (All versions < V2.17.1), RUGGEDCOM ROX RX1536 (All versions < V2.17.1), RUGGEDCOM ROX RX5000 (All versions < V2.17.1). Affected devices do not properly sanitize user-supplied input during the feature key installation process. This could allow an authenticated remote attacker to inject arbitrary commands, resulting in remote code execution with root privileges on the underlying operating system.
AI Analysis
Technical Summary
This vulnerability (CVE-2025-40947) involves improper neutralization of special elements used in OS commands (CWE-78) in Siemens RUGGEDCOM ROX MX5000 series devices before version 2.17.1. Specifically, during the feature key installation process, user-supplied input is not properly sanitized, enabling an authenticated remote attacker to inject arbitrary OS commands. Successful exploitation results in remote code execution with root privileges on the affected device. The CVSS 3.1 base score is 7.5, reflecting network attack vector, high impact on confidentiality, integrity, and availability, and requiring low privileges but high attack complexity.
Potential Impact
An authenticated remote attacker can execute arbitrary commands with root privileges on affected Siemens RUGGEDCOM ROX MX5000 devices. This could lead to full compromise of the device, including unauthorized control, data manipulation, or disruption of device operations. The vulnerability affects all versions prior to V2.17.1 across multiple RUGGEDCOM ROX MX5000 series models.
Mitigation Recommendations
Patch status is not yet confirmed — check the Siemens vendor advisory for current remediation guidance. Until an official fix is released, restrict access to the feature key installation interface to trusted personnel only and monitor for unauthorized access attempts. Avoid exposing affected devices directly to untrusted networks. Siemens has not provided an official remediation level or patch link at this time.
CVE-2025-40947: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in Siemens RUGGEDCOM ROX MX5000
Description
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.1), RUGGEDCOM ROX MX5000RE (All versions < V2.17.1), RUGGEDCOM ROX RX1400 (All versions < V2.17.1), RUGGEDCOM ROX RX1500 (All versions < V2.17.1), RUGGEDCOM ROX RX1501 (All versions < V2.17.1), RUGGEDCOM ROX RX1510 (All versions < V2.17.1), RUGGEDCOM ROX RX1511 (All versions < V2.17.1), RUGGEDCOM ROX RX1512 (All versions < V2.17.1), RUGGEDCOM ROX RX1524 (All versions < V2.17.1), RUGGEDCOM ROX RX1536 (All versions < V2.17.1), RUGGEDCOM ROX RX5000 (All versions < V2.17.1). Affected devices do not properly sanitize user-supplied input during the feature key installation process. This could allow an authenticated remote attacker to inject arbitrary commands, resulting in remote code execution with root privileges on the underlying operating system.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability (CVE-2025-40947) involves improper neutralization of special elements used in OS commands (CWE-78) in Siemens RUGGEDCOM ROX MX5000 series devices before version 2.17.1. Specifically, during the feature key installation process, user-supplied input is not properly sanitized, enabling an authenticated remote attacker to inject arbitrary OS commands. Successful exploitation results in remote code execution with root privileges on the affected device. The CVSS 3.1 base score is 7.5, reflecting network attack vector, high impact on confidentiality, integrity, and availability, and requiring low privileges but high attack complexity.
Potential Impact
An authenticated remote attacker can execute arbitrary commands with root privileges on affected Siemens RUGGEDCOM ROX MX5000 devices. This could lead to full compromise of the device, including unauthorized control, data manipulation, or disruption of device operations. The vulnerability affects all versions prior to V2.17.1 across multiple RUGGEDCOM ROX MX5000 series models.
Mitigation Recommendations
Patch status is not yet confirmed — check the Siemens vendor advisory for current remediation guidance. Until an official fix is released, restrict access to the feature key installation interface to trusted personnel only and monitor for unauthorized access attempts. Avoid exposing affected devices directly to untrusted networks. Siemens has not provided an official remediation level or patch link at this time.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- siemens
- Date Reserved
- 2025-04-16T09:06:15.879Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a02f117cbff5d8610c13a50
Added to database: 5/12/2026, 9:21:27 AM
Last enriched: 5/12/2026, 9:39:31 AM
Last updated: 5/13/2026, 4:46:58 AM
Views: 4
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.