Summary
ROS# contains a ROS service file_server, that before version 2.2.2 contains a path traversal vulnerability which could allow an attacker to access, i.e. read and write, arbitrary files, which are accessible with the user rights of the user that runs the service, on the system that hosts service. Siemens has released a new version for ROS# and recommends to update to the latest version.
The following versions of Siemens Siemens ROS# are affected:
- ROS# vers:intdot/<2.2.2
| CVSS | Vendor | Equipment | Vulnerabilities |
|---|---|---|---|
| v3 9.1 | Siemens | Siemens Siemens ROS# | Relative Path Traversal |
Background
- Critical Infrastructure Sectors: Critical Manufacturing
- Countries/Areas Deployed: Worldwide
- Company Headquarters Location: Germany
Vulnerabilities
CVE-2026-41551
Affected versions contain a path traversal vulnerability because user input is not properly sanitized. This could allow a remote attacker to access arbitrary files on the device.
Affected Products
Siemens Siemens ROS#
Siemens
ROS#
known_affected
Remediations
Mitigation
For versions before 2.2.2: – run file_server on a trusted network only. – run file_server with appropriate user rights. – run file_server only for tasks it was designed for, transferring URDF files from ROS host to target system, not as a service that runs continuously in the background. – run file_server only if manually transferring files is not possible.
Vendor fix
Update to V2.2.2 or later version
https://github.com/siemens/ros-sharp/releases/tag/2.2.2
Relevant CWE: CWE-23 Relative Path Traversal
Metrics
| CVSS Version | Base Score | Base Severity | Vector String |
|---|---|---|---|
| 3.1 | 9.1 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
Acknowledgments
- Alifia Rahmah of VyPr AI reported this vulnerability to Siemens.
General Recommendations
As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens’ operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity
Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use
The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.
Legal Notice and Terms of Use
This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).
Recommended Practices
CISA recommends users take defensive measures to minimize the exploitation risk of these vulnerabilities.
Minimize network exposure for all control system devices and/or systems, and ens
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: