unit42.paloaltonetworks.com 7/17/2026, 10:32:33 AM · external

Siemens ROX II OT Switch Zero Day Flaw Lets Attackers Gain Root

Siemens ROX II OT Switch Zero Day Flaw Lets Attackers Gain Root
CyberSIXT Evidence Panel
CISA KEV Not in KEV
Patch Patch Available

THE report discusses three critical zero-day vulnerabilities discovered in Siemens ROX II OT switches (CVE-2025-40948, CVE-2025-40947, CVE-2025-40949). These vulnerabilities form a chained exploit allowing attackers to achieve full privilege escalation and root access, threatening industrial control networks. The attack progresses through:

1. **Arbitrary File Disclosure (CVE-2025-40948)**: Vulnerability in the xz utility configuration allowing attackers to read sensitive files.

2. **Privilege Escalation (CVE-2025-40947)**: Command injection vulnerability in feature key validation enabling full root access.

3. **Persistent Code Execution (CVE-2025-40949)**: Exploit in the task scheduler allowing programmed execution of malicious commands. The report emphasizes the importance of timely firmware updates and the benefits of virtual patching for protection against these vulnerabilities.

View Primary Source Via unit42.paloaltonetworks.com

Article by CyberSIXT