A vulnerability has been identified in RUGGEDCOM RMC8388 V5.X (All versions < V5.10.1), RUGGEDCOM RS416Pv2 V5.X (All versions < V5.10.1), RUGGEDCOM RS416v2 V5.X (All versions < V5.10.1), RUGGEDCOM RS900 (32M) V5.X (All versions < V5.10.1), RUGGEDCOM RS900G (32M) V5.X (All versions < V5.10.1), RUGGEDCOM RSG2100 (32M) V5.X (All versions < V5.10.1), RUGGEDCOM RSG2100P (32M) V5.X (All versions < V5.10.1), RUGGEDCOM RSG2288 V5.X (All versions < V5.10.1), RUGGEDCOM RSG2300 V5.X (All versions < V5.10.1), RUGGEDCOM RSG2300P V5.X (All versions < V5.10.1), RUGGEDCOM RSG2488 V5.X (All versions < V5.10.1), RUGGEDCOM RSG907R (All versions < V5.10.1), RUGGEDCOM RSG908C (All versions < V5.10.1), RUGGEDCOM RSG909R (All versions < V5.10.1), RUGGEDCOM RSG910C (All versions < V5.10.1), RUGGEDCOM RSG920P V5.X (All versions < V5.10.1), RUGGEDCOM RSL910 (All versions < V5.10.1), RUGGEDCOM RST2228 (All versions < V5.10.1), RUGGEDCOM RST2228P (All versions < V5.10.1), RUGGEDCOM RST916C (All versions < V5.10.1), RUGGEDCOM RST916P (All versions < V5.10.1). Affected devices do not properly validate input during the TLS certificate upload process of the web service. This could allow an authenticated remote attacker to trigger a device crash and reboot, leading to a temporary Denial of Service on the device.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

Vendors Products
Siemens
  • Ruggedcom Rmc8388
  • Ruggedcom Rs416pv2
  • Ruggedcom Rs416v2
  • Ruggedcom Rs900 (32m)
  • Ruggedcom Rs900g (32m)
  • Ruggedcom Rsg2100 (32m)
  • Ruggedcom Rsg2288
  • Ruggedcom Rsg2300
  • Ruggedcom Rsg2300p
  • Ruggedcom Rsg2488
  • Ruggedcom Rsg907r
  • Ruggedcom Rsg908c
  • Ruggedcom Rsg909r
  • Ruggedcom Rsg910c
  • Ruggedcom Rsg920p
  • Ruggedcom Rsl910
  • Ruggedcom Rst2228
  • Ruggedcom Rst2228p
  • Ruggedcom Rst916c
  • Ruggedcom Rst916p

No data.

No data.

References
Link Providers
https://cert-portal.siemens.com/productcert/html/ssa-763474.html cve-icon cve-icon
History

Wed, 10 Dec 2025 18:00:00 +0000

Type Values Removed Values Added
First Time appeared Siemens
Siemens ruggedcom Rmc8388
Siemens ruggedcom Rs416pv2
Siemens ruggedcom Rs416v2
Siemens ruggedcom Rs900 (32m)
Siemens ruggedcom Rs900g (32m)
Siemens ruggedcom Rsg2100 (32m)
Siemens ruggedcom Rsg2288
Siemens ruggedcom Rsg2300
Siemens ruggedcom Rsg2300p
Siemens ruggedcom Rsg2488
Siemens ruggedcom Rsg907r
Siemens ruggedcom Rsg908c
Siemens ruggedcom Rsg909r
Siemens ruggedcom Rsg910c
Siemens ruggedcom Rsg920p
Siemens ruggedcom Rsl910
Siemens ruggedcom Rst2228
Siemens ruggedcom Rst2228p
Siemens ruggedcom Rst916c
Siemens ruggedcom Rst916p
Vendors & Products Siemens
Siemens ruggedcom Rmc8388
Siemens ruggedcom Rs416pv2
Siemens ruggedcom Rs416v2
Siemens ruggedcom Rs900 (32m)
Siemens ruggedcom Rs900g (32m)
Siemens ruggedcom Rsg2100 (32m)
Siemens ruggedcom Rsg2288
Siemens ruggedcom Rsg2300
Siemens ruggedcom Rsg2300p
Siemens ruggedcom Rsg2488
Siemens ruggedcom Rsg907r
Siemens ruggedcom Rsg908c
Siemens ruggedcom Rsg909r
Siemens ruggedcom Rsg910c
Siemens ruggedcom Rsg920p
Siemens ruggedcom Rsl910
Siemens ruggedcom Rst2228
Siemens ruggedcom Rst2228p
Siemens ruggedcom Rst916c
Siemens ruggedcom Rst916p

Tue, 09 Dec 2025 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 09 Dec 2025 11:00:00 +0000

Type Values Removed Values Added
Description A vulnerability has been identified in RUGGEDCOM RMC8388 V5.X (All versions < V5.10.1), RUGGEDCOM RS416Pv2 V5.X (All versions < V5.10.1), RUGGEDCOM RS416v2 V5.X (All versions < V5.10.1), RUGGEDCOM RS900 (32M) V5.X (All versions < V5.10.1), RUGGEDCOM RS900G (32M) V5.X (All versions < V5.10.1), RUGGEDCOM RSG2100 (32M) V5.X (All versions < V5.10.1), RUGGEDCOM RSG2100P (32M) V5.X (All versions < V5.10.1), RUGGEDCOM RSG2288 V5.X (All versions < V5.10.1), RUGGEDCOM RSG2300 V5.X (All versions < V5.10.1), RUGGEDCOM RSG2300P V5.X (All versions < V5.10.1), RUGGEDCOM RSG2488 V5.X (All versions < V5.10.1), RUGGEDCOM RSG907R (All versions < V5.10.1), RUGGEDCOM RSG908C (All versions < V5.10.1), RUGGEDCOM RSG909R (All versions < V5.10.1), RUGGEDCOM RSG910C (All versions < V5.10.1), RUGGEDCOM RSG920P V5.X (All versions < V5.10.1), RUGGEDCOM RSL910 (All versions < V5.10.1), RUGGEDCOM RST2228 (All versions < V5.10.1), RUGGEDCOM RST2228P (All versions < V5.10.1), RUGGEDCOM RST916C (All versions < V5.10.1), RUGGEDCOM RST916P (All versions < V5.10.1). Affected devices do not properly validate input during the TLS certificate upload process of the web service. This could allow an authenticated remote attacker to trigger a device crash and reboot, leading to a temporary Denial of Service on the device.
Weaknesses CWE-20
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N'}
cve-icon MITRE

Status: PUBLISHED

Assigner: siemens

Published: 2025-12-09T10:44:34.649Z

Updated: 2025-12-09T15:35:36.265Z

Reserved: 2025-04-16T09:06:15.878Z

Link: CVE-2025-40935

cve-icon Vulnrichment

Updated: 2025-12-09T15:35:30.304Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-12-09T16:17:47.070

Modified: 2025-12-09T18:36:53.557

Link: CVE-2025-40935

cve-icon Redhat

No data.