Siemens Ruggedcom Rox gets root-level RCE patch; update to v2.17.1
An authenticated remote attacker can inject OS commands via the feature key installer; eleven Ruggedcom Rox variants are affected.
Editorial brief
CVE-2025-40947 (CVSS 7.5 HIGH) covers improper input sanitization in the Ruggedcom Rox feature key installation process. An authenticated remote attacker can inject arbitrary OS commands and gain root on the underlying system. All eleven Rox variants below v2.17.1 are affected, spanning MX5000, MX5000RE, RX1400 through RX1536, and RX5000. Siemens has released v2.17.1; update now.
Siemens and CISA published ICSA-26-134-11 covering a single critical vulnerability in the Ruggedcom Rox operating system. The flaw, CVE-2025-40947, sits in the feature key installation workflow: the affected devices do not sanitize user-supplied input before passing it to the underlying OS, which allows an authenticated remote attacker to execute arbitrary commands with root privileges.
Scope
All eleven Ruggedcom Rox variants below v2.17.1 are in scope: RUGGEDCOM ROX MX5000, MX5000RE, RX1400, RX1500, RX1501, RX1510, RX1511, RX1512, RX1524, RX1536, and RX5000. CISA classifies the deployment context as Critical Manufacturing, worldwide. The CVSS 3.1 base score is 7.5 HIGH (AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H). The high attack complexity reflects the need for prior authentication; confidentiality, integrity, and availability are all rated High.
Remediation
Siemens has released v2.17.1 for all affected product lines. The fix is available through the Siemens Industry support portal. No workaround is documented; the vendor's general guidance is to restrict network access to the management interface using appropriate perimeter controls and to follow the Siemens Industrial Security operational guidelines while the patch is staged.
Background
The vulnerability was reported by Emmanuel Zhou, Rick Wyble, Mehmet Balta, and Adam Robbie of the Palo Alto Networks OT Threat Research Lab. Siemens ProductCERT relayed the report to CISA.
Ruggedcom Rox devices are commonly deployed in industrial network edge roles: substations, transportation infrastructure, and manufacturing cells. Root-level RCE via a feature key installation path is a realistic threat in any environment where the management interface is accessible from a shared OT network segment, even with authentication in place. If your org uses any of the listed variants, prioritize v2.17.1 before other deferred Rox maintenance.
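An added triage example, not code from Siemens, CISA or this article: it flags asset-inventory rows whose model is one of the eleven listed variants and whose firmware is below v2.17.1. The inventory format, hostnames and status labels are assumptions constructed for illustration.

```python
import re

# Affected variants and fixed version, taken from the advisory text above.
AFFECTED_MODELS = {"MX5000", "MX5000RE", "RX1400", "RX1500", "RX1501", "RX1510",
                   "RX1511", "RX1512", "RX1524", "RX1536", "RX5000"}
FIXED = (2, 17, 1)

def parse_version(text):
    """Return a numeric tuple for strings like 'v2.17.0' or 'ROX 2.16', else None."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text or "")
    return tuple(int(p) if p else 0 for p in m.groups()) if m else None

def affected_model(text):
    """Return the listed variant named in a free-form model field, else None."""
    cleaned = re.sub(r"[^A-Z0-9 ]", "", (text or "").upper())
    return next((t for t in cleaned.split() if t in AFFECTED_MODELS), None)

def triage(inventory):
    """Classify each (host, model, firmware) row as PATCH, OK, REVIEW or N/A."""
    results = {}
    for host, model, firmware in inventory:
        if affected_model(model) is None:
            results[host] = "N/A"        # not one of the eleven listed variants
            continue
        version = parse_version(firmware)
        if version is None:
            results[host] = "REVIEW"     # unreadable version: verify on the device
        elif version < FIXED:            # tuple compare, so 2.9.1 sorts below 2.17.1
            results[host] = "PATCH"
        else:
            results[host] = "OK"
    return results

# Constructed sample inventory (hypothetical hosts and field formats).
SAMPLE_INVENTORY = [
    ("sub-a-rtr1", "RUGGEDCOM ROX RX1500", "v2.9.1"),
    ("sub-a-rtr2", "RX1511", "2.17.1"),
    ("plant-gw1", "rx-5000", "ROX 2.16"),
    ("plant-gw2", "MX5000RE", "unknown"),
    ("office-sw1", "EXAMPLE-SWITCH", "5.6.0"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:12} {status}")
```

Comparing versions as numeric tuples matters here: a plain string comparison would rank "2.9.1" above "2.17.1" and report an unpatched device as fixed.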
Published ·Updated ·Deep Fathom