www.cisa.gov 5/14/2026, 3:12:02 PM · via preferred

Siemens Ruggedcom Rox flaw lets attackers run root commands

CyberSIXT Evidence Panel
CISA KEV: Not in KEV
Patch: Patch Status Unknown

CISA has published ICS Advisory ICSA-26-134-12, released on 14 May 2026, regarding Siemens Ruggedcom Rox. The advisory warns of an input validation vulnerability in the Scheduler functionality of Ruggedcom Rox, which could allow an authenticated remote attacker to execute arbitrary commands with root privileges on the underlying operating system.

The affected product family includes multiple Ruggedcom Rox models, such as MX5000, MX5000RE, RX1400, RX1500, RX1501, RX1510, RX1511, RX1512, RX1524, RX1536, and RX5000, all running versions prior to 2.17.1. Siemens has released new versions and recommends updating to V2.17.1 or later. The vulnerability, tracked as CVE-2025-40949, has a CVSS v3.1 base score of 9.1 (CRITICAL) and is described as OS Command Injection due to improper input sanitisation in the Web UI Scheduler. CISA urges readers to apply the vendor fix and follow general ICS security practices to minimise exploitation risk.


Article by CyberSIXT
