PatchSiren cyber security CVE debrief
CVE-2025-3576 Cert Portal CVE debrief
CVE-2025-3576 is a medium-severity integrity vulnerability affecting Siemens RUGGEDCOM ROX products when MIT Kerberos GSSAPI messages use RC4-HMAC-MD5. According to the advisory, weaknesses in MD5 checksum design can let an attacker spoof protected messages and forge message integrity codes when RC4 is preferred over stronger encryption types. Siemens and CISA identify affected RUGGEDCOM ROX MX5000 and related models, with remediation available in V2.17.1 or later.
- Vendor
- Cert Portal
- Product
- Siemens RUGGEDCOM ROX MX5000 (vers:intdot/<2.17.1), RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000
- CVSS
- MEDIUM 5.9
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-05-12
- Original CVE updated
- 2026-05-14
- Advisory published
- 2026-05-12
- Advisory updated
- 2026-05-14
Who should care
Operators, administrators, and asset owners responsible for Siemens RUGGEDCOM ROX MX5000 and related ROX models should review this advisory, especially if Kerberos/GSSAPI is enabled and RC4 is still allowed or preferred. Security teams supporting industrial or remote-access environments using these devices should confirm upgrade plans and encryption settings.
Technical summary
The advisory describes a spoofing issue in the MIT Kerberos implementation used by affected Siemens RUGGEDCOM ROX products. The weakness is tied to GSSAPI-protected messages that rely on RC4-HMAC-MD5: if RC4 is negotiated ahead of stronger encryption types, an attacker may be able to exploit MD5 collision properties to forge message integrity codes and tamper with message contents. The published CVSS vector reflects a network attack vector with high attack complexity and an integrity impact, with no direct confidentiality or availability impact.
Defensive priority
Medium priority. The issue is exploitable over the network but requires high attack complexity, and the published impact is limited to integrity. Prioritize if the affected devices are exposed to untrusted networks or if RC4 remains enabled/preferred.
Recommended defensive actions
- Update Siemens RUGGEDCOM ROX devices to V2.17.1 or later, as directed by the vendor advisory.
- Verify whether RC4-HMAC-MD5 is enabled or preferred in Kerberos/GSSAPI configurations and switch to stronger encryption types where possible.
- Inventory affected RUGGEDCOM ROX models and versions, including MX5000 and the related ROX families named in the advisory.
- Review any services or integrations that depend on Kerberos-protected messaging for message integrity or device authentication.
- Track Siemens ProductCERT and CISA advisory updates for any additional guidance or clarifications.
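As an added illustration of the RC4 check in the action list above (this is example code written for this debrief, not Siemens, MIT Kerberos or CISA material): a small Python audit of the enctype settings in an MIT Kerberos krb5.conf [libdefaults] section. It assumes the device exposes a standard krb5.conf-style file, which the page does not confirm for RUGGEDCOM ROX; the configuration text, realm and host names are constructed, and the `allow_rc4` check assumes a Kerberos library that honours that setting. The audit distinguishes RC4 merely being accepted from RC4 being listed first, which is the condition the advisory ties to the spoofing risk, and `harden()` shows the corrected form beside the weak one.

```python
import re

# Names MIT Kerberos accepts for the RC4-HMAC-MD5 enctype, including export variants.
RC4_NAMES = {
    "rc4-hmac", "arcfour-hmac", "arcfour-hmac-md5",
    "rc4-hmac-exp", "arcfour-hmac-exp", "arcfour-hmac-md5-exp",
}
# [libdefaults] keys whose ordered value lists decide which enctype is negotiated first.
ENCTYPE_KEYS = ("default_tgs_enctypes", "default_tkt_enctypes", "permitted_enctypes")

# Constructed sample configuration (hypothetical realm and KDC host, not from the advisory).
WEAK_CONF = """\
[libdefaults]
    default_realm = EXAMPLE.TEST
    # RC4 listed first: it is negotiated ahead of AES
    default_tgs_enctypes = rc4-hmac aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96
    default_tkt_enctypes = aes256-cts-hmac-sha1-96 arcfour-hmac-md5
    permitted_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 rc4-hmac
    allow_rc4 = true

[realms]
    EXAMPLE.TEST = {
        kdc = kdc.example.test
    }
"""

SECTION_RE = re.compile(r"^\s*\[(\w+)\]\s*$")


def _split_enctypes(value):
    """Split a whitespace- or comma-separated enctype list, dropping any trailing comment."""
    value = value.split("#", 1)[0]
    return [e.lower() for e in re.split(r"[\s,]+", value.strip()) if e]


def parse_libdefaults(conf_text):
    """Return the flat key = value pairs of [libdefaults] as a dict.

    Nested relation blocks ({ ... }) in other sections are ignored, which is
    sufficient for the enctype keys examined here.
    """
    settings, section = {}, None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if section != "libdefaults" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        settings[key.strip().lower()] = value.strip()
    return settings


def audit_rc4(conf_text):
    """Return (setting, finding) pairs for every place RC4 is enabled or preferred."""
    settings = parse_libdefaults(conf_text)
    findings = []
    for key in ENCTYPE_KEYS:
        if key not in settings:
            continue
        enctypes = _split_enctypes(settings[key])
        if enctypes and enctypes[0] in RC4_NAMES:
            findings.append((key, "rc4_preferred"))   # RC4 wins negotiation: the advisory's risk condition
        elif any(e in RC4_NAMES for e in enctypes):
            findings.append((key, "rc4_enabled"))     # RC4 still acceptable as a fallback
    # allow_rc4 re-enables RC4 on MIT releases that disable it by default
    # (assumption: the device's Kerberos library honours this setting).
    if settings.get("allow_rc4", "").lower() == "true":
        findings.append(("allow_rc4", "rc4_explicitly_allowed"))
    return findings


def harden(conf_text):
    """Return the config with RC4 removed from [libdefaults] enctype lists and allow_rc4 set to false.

    An enctype line that would become empty is dropped so the library defaults apply.
    """
    out, section = [], None
    for raw in conf_text.splitlines():
        m = SECTION_RE.match(raw)
        if m:
            section = m.group(1)
        key = raw.split("=", 1)[0].strip().lower() if "=" in raw else None
        if section == "libdefaults" and key in ENCTYPE_KEYS:
            lhs, _, value = raw.partition("=")
            kept = [e for e in _split_enctypes(value) if e not in RC4_NAMES]
            if kept:
                out.append(f"{lhs}= {' '.join(kept)}")
        elif section == "libdefaults" and key == "allow_rc4":
            out.append(f"{raw.split('=', 1)[0]}= false")
        else:
            out.append(raw)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for setting, finding in audit_rc4(WEAK_CONF):
        print(f"{setting}: {finding}")
    print("--- hardened ---")
    print(harden(WEAK_CONF))
```

Run against a device's exported krb5.conf, a `rc4_preferred` finding on any of the three keys is the case to fix first; `rc4_enabled` and `rc4_explicitly_allowed` are the fallback paths to close once every peer supports AES.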
Evidence notes
The source corpus identifies the advisory as ICSA-26-134-16 and states that CISA published it on 2026-05-12, then republished Siemens ProductCERT SSA-577017 on 2026-05-14. The affected product list in the advisory includes Siemens RUGGEDCOM ROX MX5000 and related ROX models, with a remediation to update to V2.17.1 or later. The CVE description supplied in the corpus attributes the issue to MIT Kerberos RC4-HMAC-MD5 message spoofing via MD5 checksum weaknesses. No exploit steps or code are included here.
Official resources
- CVE-2025-3576 CVE record (CVE.org)
- CVE-2025-3576 NVD detail (NVD)
- Source item URL: cisa_csaf
CISA published the advisory on 2026-05-12 and republished it on 2026-05-14 to reflect Siemens ProductCERT SSA-577017. Use 2026-05-12 as the public disclosure date for this CVE context.