CVE-2025-41224
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-41224
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability has been identified in RUGGEDCOM RMC8388 V5.X (All versions < V5.10.0), RUGGEDCOM RMC8388NC V5.X (All versions < V5.10.0), RUGGEDCOM RS416NCv2 V5.X (All versions < V5.10.0), RUGGEDCOM RS416PNCv2 V5.X (All versions < V5.10.0), RUGGEDCOM RS416Pv2 V5.X (All versions < V5.10.0), RUGGEDCOM RS416v2 V5.X (All versions < V5.10.0), RUGGEDCOM RS900 (32M) V5.X (All versions < V5.10.0), RUGGEDCOM RS900G (32M) V5.X (All versions < V5.10.0), RUGGEDCOM RS900GNC(32M) V5.X (All versions < V5.10.0), RUGGEDCOM RS900NC(32M) V5.X (All versions < V5.10.0), RUGGEDCOM RSG2100 (32M) V5.X (All versions < V5.10.0), RUGGEDCOM RSG2100NC(32M) V5.X (All versions < V5.10.0), RUGGEDCOM RSG2100P (32M) V5.X (All versions < V5.10.0), RUGGEDCOM RSG2100PNC (32M) V5.X (All versions < V5.10.0), RUGGEDCOM RSG2288 V5.X (All versions < V5.10.0), RUGGEDCOM RSG2288NC V5.X (All versions < V5.10.0), RUGGEDCOM RSG2300 V5.X (All versions < V5.10.0), RUGGEDCOM RSG2300NC V5.X (All versions < V5.10.0), RUGGEDCOM RSG2300P V5.X (All versions < V5.10.0), RUGGEDCOM RSG2300PNC V5.X (All versions < V5.10.0), RUGGEDCOM RSG2488 V5.X (All versions < V5.10.0), RUGGEDCOM RSG2488NC V5.X (All versions < V5.10.0), RUGGEDCOM RSG907R (All versions < V5.10.0), RUGGEDCOM RSG908C (All versions < V5.10.0), RUGGEDCOM RSG909R (All versions < V5.10.0), RUGGEDCOM RSG910C (All versions < V5.10.0), RUGGEDCOM RSG920P V5.X (All versions < V5.10.0), RUGGEDCOM RSG920PNC V5.X (All versions < V5.10.0), RUGGEDCOM RSL910 (All versions < V5.10.0), RUGGEDCOM RSL910NC (All versions < V5.10.0), RUGGEDCOM RST2228 (All versions < V5.10.0), RUGGEDCOM RST2228P (All versions < V5.10.0), RUGGEDCOM RST916C (All versions < V5.10.0), RUGGEDCOM RST916P (All versions < V5.10.0). The affected products do not properly enforce interface access restrictions when changing from management to non-management interface configurations until a system reboot occurs, despite configuration being saved. This could allow an attacker with network access and credentials to gain access to device through non-management and maintain SSH access to the device until reboot.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
保护机制失效
Source: NVD (National Vulnerability Database)
Vulnerability Title
Siemens多款产品 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Siemens RUGGEDCOM RMC8388等都是德国西门子(Siemens)公司的产品。Siemens RUGGEDCOM RMC8388是一款时间信号转换器。Siemens RUGGEDCOM RMC8388NC是一款时间信号转换器。Siemens RUGGEDCOM RS416NCv2是一款通用级串行设备服务器。 Siemens多款产品存在安全漏洞,该漏洞源于未正确执行接口访问限制,可能导致未授权访问。以下产品及版本受到影响:RUGGEDCOM RMC8388 V5.X V5.10.0之前版本
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2025-41224
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-41224
请登录查看更多情报信息。
Same Patch Batch · Siemens · 2025-07-08 · 18 CVEs total
| CVE-2025-40736 | 9.8 CRITICAL | Siemens SINEC NMS 访问控制错误漏洞 |
| CVE-2025-40738 | 8.8 HIGH | Siemens SINEC NMS 路径遍历漏洞 |
| CVE-2025-40737 | 8.8 HIGH | Siemens SINEC NMS 路径遍历漏洞 |
| CVE-2025-40735 | 8.8 HIGH | Siemens SINEC NMS SQL注入漏洞 |
| CVE-2024-31853 | 8.1 HIGH | Siemens SICAM TOOLBOX II 信任管理问题漏洞 |
| CVE-2024-31854 | 8.1 HIGH | Siemens SICAM TOOLBOX II 信任管理问题漏洞 |
| CVE-2025-40741 | 7.8 HIGH | Siemens Solid Edge SE2025 安全漏洞 |
| CVE-2025-40740 | 7.8 HIGH | Siemens Solid Edge SE2025 缓冲区错误漏洞 |
| CVE-2025-40739 | 7.8 HIGH | Siemens Solid Edge SE2025 缓冲区错误漏洞 |
| CVE-2025-23365 | 7.8 HIGH | Siemens TIA Administrator 访问控制错误漏洞 |
| CVE-2023-52236 | 7.0 HIGH | Siemens多款产品 加密问题漏洞 |
| CVE-2025-40593 | 6.5 MEDIUM | Siemens SIMATIC CN 4100 输入验证错误漏洞 |
| CVE-2025-23364 | 6.2 MEDIUM | Siemens TIA Administrator 数据伪造问题漏洞 |
| CVE-2025-40742 | 5.3 MEDIUM | Siemens多款产品 安全漏洞 |
| CVE-2025-41222 | 5.3 MEDIUM | Siemens多款产品 安全漏洞 |
| CVE-2025-41223 | 4.8 MEDIUM | Siemens多款产品 加密问题漏洞 |
| CVE-2025-27127 | 4.3 MEDIUM | Siemens多款产品 代码问题漏洞 |
IV. Related Vulnerabilities
Same weakness: CWE-693
- CVE-2026-26956
vm2: WASM Sandbox Escape (Node 25 only) - CVE-2026-24120
vm2: Sandbox Breakout Through Promise Species - CVE-2026-41316
ERB has an @_init deserialization guard bypass via def_modul - CVE-2026-41469
Beghelli Sicuro24 SicuroWeb Missing Content Security Policy - CVE-2026-40604
ClearanceKit: opfilter system extension can be suspended or
V. Comments for CVE-2025-41224
No comments yet