CVE-2025-40935_CVE-2025-40935

4.3 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Description

A vulnerability has been identified in RUGGEDCOM RMC8388 V5.X (All versions < V5.10.1), RUGGEDCOM RS416Pv2 V5.X (All versions < V5.10.1), RUGGEDCOM RS416v2 V5.X (All versions < V5.10.1), RUGGEDCOM RS900 (32M) V5.X (All versions < V5.10.1), RUGGEDCOM RS900G (32M) V5.X (All versions < V5.10.1), RUGGEDCOM RSG2100 (32M) V5.X (All versions < V5.10.1), RUGGEDCOM RSG2100P (32M) V5.X (All versions < V5.10.1), RUGGEDCOM RSG2288 V5.X (All versions < V5.10.1), RUGGEDCOM RSG2300 V5.X (All versions < V5.10.1), RUGGEDCOM RSG2300P V5.X (All versions < V5.10.1), RUGGEDCOM RSG2488 V5.X (All versions < V5.10.1), RUGGEDCOM RSG907R (All versions < V5.10.1), RUGGEDCOM RSG908C (All versions < V5.10.1), RUGGEDCOM RSG909R (All versions < V5.10.1), RUGGEDCOM RSG910C (All versions < V5.10.1), RUGGEDCOM RSG920P V5.X (All versions < V5.10.1), RUGGEDCOM RSL910 (All versions < V5.10.1), RUGGEDCOM RST2228 (All versions < V5.10.1), RUGGEDCOM RST2228P (All versions < V5.10.1), RUGGEDCOM RST916C (All versions < V5.10.1), RUGGEDCOM RST916P (All versions < V5.10.1). Affected devices do not properly validate input during the TLS certificate upload process of the web service. This could allow an authenticated remote attacker to trigger a device crash and reboot, leading to a temporary Denial of Service on the device.

Basic Information

ID CVE-2025-40935

Source siemens

Published Dec 9, 2025 at 10:44

Affected Product

Vendor Siemens

Product RUGGEDCOM RMC8388 V5.X

Affected Versions Siemens RUGGEDCOM RMC8388 V5.X 0
Siemens RUGGEDCOM RS416Pv2 V5.X 0
Siemens RUGGEDCOM RS416v2 V5.X 0
Siemens RUGGEDCOM RS900 (32M) V5.X 0
Siemens RUGGEDCOM RS900G (32M) V5.X 0
Siemens RUGGEDCOM RSG2100 (32M) V5.X 0
Siemens RUGGEDCOM RSG2100P (32M) V5.X 0
Siemens RUGGEDCOM RSG2288 V5.X 0
Siemens RUGGEDCOM RSG2300 V5.X 0
Siemens RUGGEDCOM RSG2300P V5.X 0
Siemens RUGGEDCOM RSG2488 V5.X 0
Siemens RUGGEDCOM RSG907R 0
Siemens RUGGEDCOM RSG908C 0
Siemens RUGGEDCOM RSG909R 0
Siemens RUGGEDCOM RSG910C 0
Siemens RUGGEDCOM RSG920P V5.X 0
Siemens RUGGEDCOM RSL910 0
Siemens RUGGEDCOM RST2228 0
Siemens RUGGEDCOM RST2228P 0
Siemens RUGGEDCOM RST916C 0
Siemens RUGGEDCOM RST916P 0

CWE Classification

CWE-20

References

cert-portal.siemens.com /productcert/html/ssa-763474.html

{
    "lastseen": "",
    "description": "A vulnerability has been identified in RUGGEDCOM RMC8388 V5.X (All versions < V5.10.1), RUGGEDCOM RS416Pv2 V5.X (All versions < V5.10.1), RUGGEDCOM RS416v2 V5.X (All versions < V5.10.1), RUGGEDCOM RS900 (32M) V5.X (All versions < V5.10.1), RUGGEDCOM RS900G (32M) V5.X (All versions < V5.10.1), RUGGEDCOM RSG2100 (32M) V5.X (All versions < V5.10.1), RUGGEDCOM RSG2100P (32M) V5.X (All versions < V5.10.1), RUGGEDCOM RSG2288 V5.X (All versions < V5.10.1), RUGGEDCOM RSG2300 V5.X (All versions < V5.10.1), RUGGEDCOM RSG2300P V5.X (All versions < V5.10.1), RUGGEDCOM RSG2488 V5.X (All versions < V5.10.1), RUGGEDCOM RSG907R (All versions < V5.10.1), RUGGEDCOM RSG908C (All versions < V5.10.1), RUGGEDCOM RSG909R (All versions < V5.10.1), RUGGEDCOM RSG910C (All versions < V5.10.1), RUGGEDCOM RSG920P V5.X (All versions < V5.10.1), RUGGEDCOM RSL910 (All versions < V5.10.1), RUGGEDCOM RST2228 (All versions < V5.10.1), RUGGEDCOM RST2228P (All versions < V5.10.1), RUGGEDCOM RST916C (All versions < V5.10.1), RUGGEDCOM RST916P (All versions < V5.10.1). Affected devices do not properly validate input during the TLS certificate upload process of the web service. This could allow an authenticated remote attacker to trigger a device crash and reboot, leading to a temporary Denial of Service on the device.",
    "published": "2025-12-09T10:44:34.649Z",
    "modified": "2025-12-09T10:44:34.649Z",
    "type": "cve",
    "title": "CVE-2025-40935",
    "source": "siemens",
    "references": "https://cert-portal.siemens.com/productcert/html/ssa-763474.html",
    "id": "CVE-2025-40935",
    "bulletinFamily": "",
    "cwe": [
        "CWE-20"
    ],
    "cvelist": null,
    "sourceData": "Siemens RUGGEDCOM RMC8388 V5.X 0\nSiemens RUGGEDCOM RS416Pv2 V5.X 0\nSiemens RUGGEDCOM RS416v2 V5.X 0\nSiemens RUGGEDCOM RS900 (32M) V5.X 0\nSiemens RUGGEDCOM RS900G (32M) V5.X 0\nSiemens RUGGEDCOM RSG2100 (32M) V5.X 0\nSiemens RUGGEDCOM RSG2100P (32M) V5.X 0\nSiemens RUGGEDCOM RSG2288 V5.X 0\nSiemens RUGGEDCOM RSG2300 V5.X 0\nSiemens RUGGEDCOM RSG2300P V5.X 0\nSiemens RUGGEDCOM RSG2488 V5.X 0\nSiemens RUGGEDCOM RSG907R 0\nSiemens RUGGEDCOM RSG908C 0\nSiemens RUGGEDCOM RSG909R 0\nSiemens RUGGEDCOM RSG910C 0\nSiemens RUGGEDCOM RSG920P V5.X 0\nSiemens RUGGEDCOM RSL910 0\nSiemens RUGGEDCOM RST2228 0\nSiemens RUGGEDCOM RST2228P 0\nSiemens RUGGEDCOM RST916C 0\nSiemens RUGGEDCOM RST916P 0",
    "sourceHref": "",
    "cvss": {
        "score": 4.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "RUGGEDCOM RMC8388 V5.X",
    "version": "0",
    "vendor": "Siemens",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}