PatchSiren cyber security CVE debrief
CVE-2025-46836 Cert Portal CVE debrief
CVE-2025-46836 describes a stack-based buffer overflow in the Linux net-tools interface display path. In the source advisory, interface labels from /proc/net/dev can be copied into a fixed 16-byte stack buffer without bounds checking, which can lead to a crash and, in some scenarios, possible code execution. The stated attack path does not require privilege, but the source also says it does not provide privilege escalation. Siemens’ remediation guidance in the advisory points to updating affected RUGGEDCOM ROX products to v2.17.1 or later.
- Vendor
- Cert Portal
- Product
- Siemens RUGGEDCOM ROX MX5000 (vers:intdot/<2.17.1), RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000
- CVSS
- MEDIUM 6.6
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-05-12
- Original CVE updated
- 2026-05-14
- Advisory published
- 2026-05-12
- Advisory updated
- 2026-05-14
Who should care
OT operators, Siemens RUGGEDCOM ROX administrators, and security teams responsible for embedded Linux management access, local console users, or device maintenance on affected industrial networking appliances.
Technical summary
The underlying flaw is a bounds-checking failure in get_name() in interface.c. When interface names/labels are read from /proc/net/dev, they are copied into a fixed-size 16-byte stack buffer without proper validation. The source description frames the issue as affecting net-tools versions up to and including 2.10, while the Siemens advisory maps remediation to specific RUGGEDCOM ROX products below version 2.17.1. The practical impact is local memory corruption with crash risk and potential code execution, but no privilege escalation is claimed in the supplied material.
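As an added illustration (constructed here, not net-tools' or Siemens' own code), the C snippet below contrasts the unchecked label-copy pattern the summary describes with a bounds-checked rewrite that rejects any label that does not fit the 16-byte buffer. The line format, buffer macro and function names are assumptions for the example.

```c
#include <stdio.h>
#include <string.h>

/* Mirrors the fixed 16-byte label buffer the advisory describes (assumption). */
#define LABEL_SIZE 16

/* Unchecked pattern: copy the label up to ':' with no limit on length.
 * A label of LABEL_SIZE or more characters writes past 'name' on the stack. */
static void get_name_unchecked(char *name, const char *line)
{
    const char *p = line;
    while (*p == ' ')
        p++;
    while (*p && *p != ':')
        *name++ = *p++;
    *name = '\0';
}

/* Bounds-checked rewrite: stops before the buffer is full and reports the
 * malformed line instead of corrupting the stack. Returns 0 on success, -1 if
 * the label does not fit in 'namesize' bytes or the ':' separator is missing. */
static int get_name_checked(char *name, size_t namesize, const char *line)
{
    const char *p = line;
    size_t n = 0;
    while (*p == ' ')
        p++;
    while (*p && *p != ':') {
        if (n + 1 >= namesize) {   /* keep room for the terminator */
            name[n] = '\0';
            return -1;
        }
        name[n++] = *p++;
    }
    name[n] = '\0';
    return (*p == ':') ? 0 : -1;
}

int main(void)
{
    /* Constructed /proc/net/dev-style lines: one normal, one oversized label. */
    const char *normal = "  eth0: 1024 8 0 0";
    const char *oversized = "  abcdefghijklmnopqrstuvwxyz0123: 0 0 0 0";
    char name[LABEL_SIZE];
    get_name_unchecked(name, normal);   /* fits: "eth0" */
    printf("unchecked, normal line: %s\n", name);
    /* get_name_unchecked(name, oversized) would overflow 'name'; not run. */
    int rc = get_name_checked(name, sizeof name, oversized);
    printf("checked, oversized label: rc=%d (label rejected)\n", rc);
    return 0;
}
```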
Defensive priority
Medium overall, but treat as higher priority in OT environments because a local, unprivileged crash or memory-corruption event can disrupt device availability.
Recommended defensive actions
- Apply the Siemens advisory remediation and update affected RUGGEDCOM ROX products to v2.17.1 or later.
- Inventory affected Siemens RUGGEDCOM ROX models and confirm whether net-tools is present in the deployed firmware or package set.
- Restrict local and maintenance access to trusted administrators only, and limit opportunities for untrusted users to interact with the device shell or interface management utilities.
- Schedule updates during a maintenance window and validate device behavior after patching to confirm interface reporting functions normally.
- Monitor for unexpected crashes, abnormal restarts, or interface-display failures on affected devices until remediation is complete.
- Use defense-in-depth controls from CISA ICS guidance to reduce the impact of local compromise or tampering on industrial devices.
Evidence notes
Primary evidence comes from the CISA CSAF advisory ICSA-26-134-16, which republishes Siemens ProductCERT advisory SSA-577017. The supplied source describes a stack-based buffer overflow in net-tools get_name() while processing /proc/net/dev, lists affected Siemens RUGGEDCOM ROX products, and recommends updating to v2.17.1 or later. The source description also says a patch is expected in net-tools 2.20, creating a versioning inconsistency that should be resolved by following the vendor advisory for product-specific remediation.
Official resources
- CVE-2025-46836 CVE record (CVE.org)
- CVE-2025-46836 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
CISA published ICSA-26-134-16 on 2026-05-12 and republished Siemens ProductCERT advisory material on 2026-05-14. The source corpus does not indicate KEV inclusion.