Description
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions), RUGGEDCOM ROX MX5000RE (All versions), RUGGEDCOM ROX RX1400 (All versions), RUGGEDCOM ROX RX1500 (All versions), RUGGEDCOM ROX RX1501 (All versions), RUGGEDCOM ROX RX1510 (All versions), RUGGEDCOM ROX RX1511 (All versions), RUGGEDCOM ROX RX1512 (All versions), RUGGEDCOM ROX RX1524 (All versions), RUGGEDCOM ROX RX1536 (All versions), RUGGEDCOM ROX RX5000 (All versions). Affected devices do not properly limit access through its Built-In-Self-Test (BIST) mode. This could allow an attacker with physical access to the serial interface to bypass authentication and get access to a root shell on the device.
Scores
CVSS v3
7.6
EPSS
0.0003
EPSS Percentile
9.4%
Attack Vector
PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-288
Status
published
Products (11)
Siemens/RUGGEDCOM ROX MX5000
Siemens/RUGGEDCOM ROX MX5000RE
Siemens/RUGGEDCOM ROX RX1400
Siemens/RUGGEDCOM ROX RX1500
Siemens/RUGGEDCOM ROX RX1501
Siemens/RUGGEDCOM ROX RX1510
Siemens/RUGGEDCOM ROX RX1511
Siemens/RUGGEDCOM ROX RX1512
Siemens/RUGGEDCOM ROX RX1524
Siemens/RUGGEDCOM ROX RX1536
... and 1 more
Published
Aug 12, 2025
Tracked Since
Feb 18, 2026