CVE-2026-41551: CWE-23: Relative Path Traversal in Siemens ROS#
A vulnerability has been identified in ROS# (All versions < V2.2.2). Affected versions contain a path traversal vulnerability because user input is not properly sanitized. This could allow a remote attacker to access arbitrary files on the device.
AI Analysis
Technical Summary
CVE-2026-41551 is a relative path traversal vulnerability in Siemens ROS# affecting all versions before 2.2.2. The vulnerability arises because user-supplied input is not properly sanitized, enabling remote attackers to traverse directories and access arbitrary files on the device. The CVSS 3.1 base score is 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N), reflecting network attack vector, low attack complexity, no privileges or user interaction required, and high confidentiality and integrity impact. No official patch or remediation level has been published by Siemens as of the vulnerability disclosure date.
Potential Impact
Successful exploitation allows unauthenticated remote attackers to read arbitrary files on the affected device, potentially exposing sensitive information and compromising system integrity. There is no impact on availability reported. The vulnerability is rated critical due to the ease of exploitation and the high confidentiality and integrity impact.
Mitigation Recommendations
Patch status is not yet confirmed — check the Siemens vendor advisory for current remediation guidance. Until an official fix is released, restrict network access to the affected ROS# instances and monitor for suspicious activity related to file access attempts. Avoid exposing the vulnerable versions to untrusted networks.
CVE-2026-41551: CWE-23: Relative Path Traversal in Siemens ROS#
Description
A vulnerability has been identified in ROS# (All versions < V2.2.2). Affected versions contain a path traversal vulnerability because user input is not properly sanitized. This could allow a remote attacker to access arbitrary files on the device.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-41551 is a relative path traversal vulnerability in Siemens ROS# affecting all versions before 2.2.2. The vulnerability arises because user-supplied input is not properly sanitized, enabling remote attackers to traverse directories and access arbitrary files on the device. The CVSS 3.1 base score is 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N), reflecting network attack vector, low attack complexity, no privileges or user interaction required, and high confidentiality and integrity impact. No official patch or remediation level has been published by Siemens as of the vulnerability disclosure date.
Potential Impact
Successful exploitation allows unauthenticated remote attackers to read arbitrary files on the affected device, potentially exposing sensitive information and compromising system integrity. There is no impact on availability reported. The vulnerability is rated critical due to the ease of exploitation and the high confidentiality and integrity impact.
Mitigation Recommendations
Patch status is not yet confirmed — check the Siemens vendor advisory for current remediation guidance. Until an official fix is released, restrict network access to the affected ROS# instances and monitor for suspicious activity related to file access attempts. Avoid exposing the vulnerable versions to untrusted networks.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- siemens
- Date Reserved
- 2026-04-21T08:01:09.876Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a02f11acbff5d8610c13ae6
Added to database: 5/12/2026, 9:21:30 AM
Last enriched: 5/12/2026, 9:36:46 AM
Last updated: 5/12/2026, 4:11:55 PM
Views: 9
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.