← voltar
CVE-2025-40935

CVE-2025-40935

CVSS 5.3 MEDIUMEPSS 0.2%CWE-20
A vulnerability has been identified in RUGGEDCOM RMC8388 V5.X (All versions < V5.10.1), RUGGEDCOM RS416Pv2 V5.X (All versions < V5.10.1), RUGGEDCOM RS416v2 V5.X (All versions < V5.10.1), RUGGEDCOM RS900 (32M) V5.X (All versions < V5.10.1), RUGGEDCOM RS900G (32M) V5.X (All versions < V5.10.1), RUGGEDCOM RSG2100 (32M) V5.X (All versions < V5.10.1), RUGGEDCOM RSG2100P (32M) V5.X (All versions < V5.10.1), RUGGEDCOM RSG2288 V5.X (All versions < V5.10.1), RUGGEDCOM RSG2300 V5.X (All versions < V5.10.1), RUGGEDCOM RSG2300P V5.X (All versions < V5.10.1), RUGGEDCOM RSG2488 V5.X (All versions < V5.10.1), RUGGEDCOM RSG907R (All versions < V5.10.1), RUGGEDCOM RSG908C (All versions < V5.10.1), RUGGEDCOM RSG909R (All versions < V5.10.1), RUGGEDCOM RSG910C (All versions < V5.10.1), RUGGEDCOM RSG920P V5.X (All versions < V5.10.1), RUGGEDCOM RSL910 (All versions < V5.10.1), RUGGEDCOM RST2228 (All versions < V5.10.1), RUGGEDCOM RST2228P (All versions < V5.10.1), RUGGEDCOM RST916C (All versions < V5.10.1), RUGGEDCOM RST916P (All versions < V5.10.1). Affected devices do not properly validate input during the TLS certificate upload process of the web service. This could allow an authenticated remote attacker to trigger a device crash and reboot, leading to a temporary Denial of Service on the device.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
Produtos afetados
Siemens · RUGGEDCOM RMC8388 V5.XSiemens · RUGGEDCOM RS416Pv2 V5.XSiemens · RUGGEDCOM RS416v2 V5.XSiemens · RUGGEDCOM RS900 (32M) V5.XSiemens · RUGGEDCOM RS900G (32M) V5.XSiemens · RUGGEDCOM RSG2100 (32M) V5.XSiemens · RUGGEDCOM RSG2100P (32M) V5.XSiemens · RUGGEDCOM RSG2288 V5.XSiemens · RUGGEDCOM RSG2300P V5.XSiemens · RUGGEDCOM RSG2300 V5.XSiemens · RUGGEDCOM RSG2488 V5.XSiemens · RUGGEDCOM RSG907RSiemens · RUGGEDCOM RSG908CSiemens · RUGGEDCOM RSG909RSiemens · RUGGEDCOM RSG910CSiemens · RUGGEDCOM RSG920P V5.XSiemens · RUGGEDCOM RSL910Siemens · RUGGEDCOM RST2228Siemens · RUGGEDCOM RST2228PSiemens · RUGGEDCOM RST916CSiemens · RUGGEDCOM RST916P

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://cert-portal.siemens.com/productcert/html/ssa-763474.html