Siemens Ruggedcom Rox
Plan Patch · CVSS 9.8 · ICS-CERT ICSA-26-134-16 · May 12, 2026
Siemens
Attack path
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
SIMATIC CN 4100 versions before 5.0 contain multiple vulnerabilities including null pointer dereference, buffer overflow, use-after-free, integer overflow, and input validation errors that could compromise availability, integrity, and confidentiality of the device. An attacker with network access could exploit these flaws to execute arbitrary code or cause denial of service.
What this means
What could happen
An attacker could compromise the SIMATIC CN 4100 panel, potentially leading to loss of control visibility, manipulation of displayed data or setpoints, or disruption of the operator interface that controls your industrial processes.
Who's at risk
Water and electric utility operators who use SIMATIC CN 4100 operator interface panels for process control and monitoring. Any facility relying on this Siemens HMI device for SCADA or distributed control system visibility.
How it could be exploited
An attacker with network access to the CN 4100 could exploit one of the multiple memory corruption or input validation vulnerabilities to execute arbitrary code on the device. This could allow direct manipulation of the operator panel's functionality, affecting the ability to monitor and control connected industrial equipment.
Prerequisites
- Network access to the CN 4100 device
- User interaction to trigger the vulnerability (e.g., opening a malicious file or web content on the panel)
remotely exploitable · no authentication required · low complexity · affects operator interface functionality · multiple vulnerability types including memory corruption
Exploitability
Some exploitation risk — EPSS score 2.8%
Affected products (12)
12 with fix
Remediation & Mitigation
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
SIMATIC CN 4100
HOTFIX: Update SIMATIC CN 4100 to version 5.0 or later
CVEs (205)