CVE-2025-40568

MEDIUM

RUGGEDCOM RST2428P - Path Traversal

Title source: llm
STIX 2.1

Description

A vulnerability has been identified in RUGGEDCOM RST2428P (6GK6242-6PA00) (All versions < V3.2), SCALANCE XCH328 (6GK5328-4TS01-2EC2) (All versions < V3.2), SCALANCE XCM324 (6GK5324-8TS01-2AC2) (All versions < V3.2), SCALANCE XCM328 (6GK5328-4TS01-2AC2) (All versions < V3.2), SCALANCE XCM332 (6GK5332-0GA01-2AC2) (All versions < V3.2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3) (All versions < V3.2), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3) (All versions < V3.2), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3) (All versions < V3.2), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3) (All versions < V3.2), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3) (All versions < V3.2), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3) (All versions < V3.2), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3) (All versions < V3.2), SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3) (All versions < V3.2), SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3) (All versions < V3.2), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3) (All versions < V3.2). An internal session termination functionality in the web interface of affected products contains an incorrect authorization check vulnerability. This could allow an authenticated remote attacker with "guest" role to terminate legitimate users' sessions.

References (1)

Core 1

Scores

CVSS v3 4.3
EPSS 0.0019
EPSS Percentile 40.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-863
Status published
Products (15)
Siemens/RUGGEDCOM RST2428P < V3.2
Siemens/SCALANCE XCH328 < V3.2
Siemens/SCALANCE XCM324 < V3.2
Siemens/SCALANCE XCM328 < V3.2
Siemens/SCALANCE XCM332 < V3.2
Siemens/SCALANCE XRH334 (24 V DC, 8xFO, CC) < V3.2
Siemens/SCALANCE XRM334 (230 V AC, 12xFO) < V3.2
Siemens/SCALANCE XRM334 (230 V AC, 8xFO) < V3.2
Siemens/SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) < V3.2
Siemens/SCALANCE XRM334 (24 V DC, 12xFO) < V3.2
... and 5 more
Published Jun 10, 2025
Tracked Since Feb 18, 2026