CVE-2025-40949 -- CVSS 9.1 Vulnerability Briefing
CVE-2025-40949 | CVSS 9.1 (Critical) | Exploit: No known exploit
What Is It
CVE-2025-40949 is a critical-severity vulnerability affecting multiple Siemens RUGGEDCOM ROX series industrial network devices, including the MX5000, MX5000RE, RX1400, and additional RX-series models running firmware versions prior to V2.17.1.
Technical Detail
The technical description is truncated in the available data, but the vulnerability affects the RUGGEDCOM ROX operating environment used in hardened industrial routing and switching equipment deployed in critical infrastructure environments. Based on the CVSS score of 9.1 and the affected platform, the flaw likely enables a remote attacker to achieve unauthorized access, command execution, or significant privilege escalation without requiring physical access to the device. Organizations should treat this as a potential remote code execution or authentication bypass class of vulnerability until Siemens publishes a complete technical disclosure.
Exploitation Status
No known exploit code has been identified for this vulnerability at this time. It is not listed in the CISA Known Exploited Vulnerabilities catalog as of the date of this briefing. While no active exploitation has been confirmed, the critical CVSS score and the industrial network device attack surface make this a high-priority patching target regardless of current exploit availability.
Who Is Targeting This
There is no specific threat actor attribution at this time. However, RUGGEDCOM devices are commonly deployed in energy, utilities, transportation, and industrial control system environments, sectors that have historically attracted interest from state-sponsored actors and ransomware operators targeting operational technology infrastructure.
What To Do
Siemens has released firmware version V2.17.1 to address this vulnerability across all affected RUGGEDCOM ROX product lines. Operators should prioritize upgrading all affected devices to V2.17.1 or later immediately, given the critical severity rating and the operational sensitivity of the environments where these devices are typically deployed. Where immediate patching is not feasible, restrict management interface access to trusted administrative networks, disable unnecessary remote management protocols, and ensure devices are not directly exposed to untrusted networks or the internet. Monitor Siemens ProductCERT and ICS-CERT advisories for updated technical details and any additional mitigation guidance as the full vulnerability disclosure matures.
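To turn the upgrade guidance above into a patch worklist, the following added example (not Siemens or briefing code) triages an asset inventory against the V2.17.1 fixed release. The CSV columns, host names and the `RX0000` placeholder model are constructed assumptions; RX-series models the briefing does not name are marked for review against the Siemens advisory rather than assumed affected.

```python
import csv
import io
import re

FIXED = (2, 17, 1)                               # fixed release named in the briefing
NAMED_MODELS = {"MX5000", "MX5000RE", "RX1400"}  # models the briefing names

# Constructed sample inventory (hypothetical hosts and column names).
# RX0000 is a placeholder for an RX-series model the briefing does not name.
SAMPLE_INVENTORY = """host,model,firmware
sub-a-rtr1,RX1400,V2.16.4
sub-a-rtr2,MX5000,V2.9.0
sub-b-rtr1,MX5000RE,V2.17.1
sub-b-rtr2,RX0000,2.15.0
sub-c-rtr1,RX1400,unknown
"""

def parse_version(text):
    """Return (major, minor, patch), or None when the string is not a version."""
    m = re.fullmatch(r"[Vv]?(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        return None
    return tuple(int(g or 0) for g in m.groups())

def triage(row):
    """Classify one inventory row: patched, vulnerable, review or out-of-scope."""
    model = row["model"].strip().upper()
    version = parse_version(row["firmware"])
    if model not in NAMED_MODELS and not model.startswith("RX"):
        return "out-of-scope"
    if version is None:
        return "review"      # firmware unknown: verify on the device itself
    if version >= FIXED:     # numeric tuple compare, so 2.9.0 sorts below 2.17.1
        return "patched"
    # Unnamed RX-series models: confirm against the Siemens advisory list.
    return "vulnerable" if model in NAMED_MODELS else "review"

def audit(inventory_csv):
    """Map each host in the inventory CSV to its triage status."""
    reader = csv.DictReader(io.StringIO(inventory_csv))
    return {row["host"]: triage(row) for row in reader}

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Versions are compared as integer tuples because a plain string comparison would rank V2.9.0 above V2.17.1 and report an unpatched device as fixed.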