As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
1. EXECUTIVE SUMMARY
- CVSS v4 7.7
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: RUGGEDCOM ROS Devices
- Vulnerabilities: Use of a Broken or Risky Cryptographic Algorithm, Improper Handling of Exceptional Conditions, Protection Mechanism Failure
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow attackers to perform man-in-the-middle attacks, cause denial of service, compromise encrypted communications, and gain unauthorized access to devices until a reboot occurs.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
Siemens reports that the following products are affected:
- RUGGEDCOM i800: All versions (CVE-2023-52236, CVE-2025-41222, CVE-2025-41223)
- RUGGEDCOM RMC8388 V5.X: All versions before 5.10.0
- RUGGEDCOM RMC8388NC V5.X: All versions before 5.10.0 (CVE-2025-41224)
- RUGGEDCOM RP110: All versions (CVE-2023-52236, CVE-2025-41222, CVE-2025-41223)
- RUGGEDCOM RS1600: All versions (CVE-2023-52236, CVE-2025-41222, CVE-2025-41223)
- RUGGEDCOM RS1600F: All versions (CVE-2023-52236, CVE-2025-41222, CVE-2025-41223)
- RUGGEDCOM RS1600T: All versions (CVE-2023-52236, CVE-2025-41222, CVE-2025-41223)
- RUGGEDCOM RS400: All versions (CVE-2023-52236, CVE-2025-41222, CVE-2025-41223)
- RUGGEDCOM i801: All versions (CVE-2023-52236, CVE-2025-41222, CVE-2025-41223)
- RUGGEDCOM RS401: All versions (CVE-2023-52236, CVE-2025-41222, CVE-2025-41223)
- RUGGEDCOM RS416: All versions (CVE-2023-52236, CVE-2025-41222, CVE-2025-41223)
- RUGGEDCOM RS416NCv2 V5.X: All versions before 5.10.0 (CVE-2025-4
[…]
Content was cut in order to protect the source. Please visit the source for the rest of the article. This article has been indexed from All CISA Advisories.