PatchSiren cyber security CVE debrief
CVE-2025-40890 Siemens CVE debrief
A stored cross-site scripting (XSS) vulnerability exists in the Dashboards functionality of Siemens RUGGEDCOM APE1808. An authenticated low-privilege user can craft a malicious dashboard containing JavaScript and share it with victims, or socially engineer victims to import a malicious dashboard template. When viewed or imported, the payload executes in the victim's browser context, enabling unauthorized actions including data modification, availability disruption, and limited sensitive information access. The vulnerability stems from improper input validation. CISA published this advisory on August 12, 2025, with the CVE added in a January 13, 2026 revision. Siemens ProductCERT issued advisory SSA-978177, which CISA republished. A vendor fix is available in Nozomi Guardian/CMC V25.4.0, with CLI upgrade recommended due to potential Web GUI errors during the process.
- Vendor: Siemens
- Product: RUGGEDCOM APE1808
- CVSS: HIGH 7.9
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-01-14
- Advisory published: 2025-08-12
- Advisory updated: 2026-01-14
Who should care
Organizations operating Siemens RUGGEDCOM APE1808 with Nozomi Guardian/CMC deployments, particularly those with multiple users having dashboard access. Critical for industrial control system environments where integrity and availability are paramount. Security teams should prioritize patching and access control reviews.
Technical summary
Stored XSS in the Dashboards functionality due to improper input validation. CVSS 3.1 base score 7.9 (HIGH), vector CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:H: attack vector network, attack complexity high, privileges required low, user interaction required, scope changed, confidentiality impact low, integrity impact high, availability impact high.
Defensive priority
HIGH
Recommended defensive actions
- Upgrade Nozomi Guardian/CMC to V25.4.0 using CLI due to potential Web GUI errors during upgrade; contact customer support for patch details
- Use internal firewall features to restrict access to the web management interface
- Review and delete unnecessary accounts with web management interface access
- Audit existing dashboards for unauthorized or suspicious content
- Implement principle of least privilege for dashboard creation and sharing permissions
- Train users to verify dashboard sources before importing templates
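The dashboard audit and least-privilege items above are the ones a team can partly automate. The following is an added example, not code from the advisory, Siemens or Nozomi: an import-time gate that walks a dashboard template and flags any string field carrying markup or script-like content, checking the entity-decoded value as well so encoded payloads are not missed. The JSON layout (`name`, `widgets`, `title`, `body`) is a constructed, generic format assumed for illustration; the real Guardian/CMC export format is not described in the advisory. The `escape_strings` helper shows the complementary fix class (output encoding of every untrusted field before rendering), which is what the vendor-side patch has to guarantee.

```python
# Added example (not from the advisory or vendor code). Template layout is
# a constructed assumption; adapt the walker to the real export format.
import html
import json
import re
from typing import Any

# Patterns that indicate active content inside what should be plain-text fields.
SUSPICIOUS = [
    re.compile(r"<\s*script\b", re.I),
    re.compile(r"\bjavascript\s*:", re.I),
    re.compile(r"\bon[a-z]+\s*=", re.I),                    # inline handlers: onerror=, onload=, ...
    re.compile(r"<\s*(iframe|object|embed|svg|img)\b", re.I),
]


def _walk(node: Any, path: str = "$"):
    """Yield (json_path, value) for every string leaf in a nested JSON structure."""
    if isinstance(node, dict):
        for k, v in node.items():
            yield from _walk(v, f"{path}.{k}")
    elif isinstance(node, list):
        for i, v in enumerate(node):
            yield from _walk(v, f"{path}[{i}]")
    elif isinstance(node, str):
        yield path, node


def audit_dashboard(template_json: str) -> list[dict]:
    """Return one finding per string field containing markup or script-like content.

    The entity-decoded form is checked first so that '&#x3c;script&#x3e;' style
    encoding does not slip past the raw-text patterns.
    """
    findings = []
    for path, value in _walk(json.loads(template_json)):
        for candidate in (html.unescape(value), value):
            hit = next((p.pattern for p in SUSPICIOUS if p.search(candidate)), None)
            if hit:
                findings.append({"path": path, "pattern": hit, "value": value[:80]})
                break
    return findings


def escape_strings(template_json: str) -> str:
    """Return a copy of the template with every string field HTML-escaped.

    This is the output-encoding step a viewer must apply to untrusted dashboard
    text; it is shown here as the fix class, not as a replacement for the audit.
    """
    def esc(node: Any) -> Any:
        if isinstance(node, dict):
            return {k: esc(v) for k, v in node.items()}
        if isinstance(node, list):
            return [esc(v) for v in node]
        if isinstance(node, str):
            return html.escape(node, quote=True)
        return node
    return json.dumps(esc(json.loads(template_json)))


# Constructed sample: two benign widgets and one whose title and body carry payloads.
SAMPLE_TEMPLATE = json.dumps({
    "name": "Plant overview",
    "widgets": [
        {"type": "chart", "title": "Traffic by protocol", "query": "protocol:modbus"},
        {"type": "text", "title": "Notes", "body": "Weekly review <b>done</b>"},
        {"type": "text",
         "title": "Alerts <img src=x onerror=alert(1)>",
         "body": "&#x3c;script&#x3e;alert(1)&#x3c;/script&#x3e;"},
    ],
})

if __name__ == "__main__":
    for f in audit_dashboard(SAMPLE_TEMPLATE):
        print(f"REJECT {f['path']}: matched {f['pattern']!r} in {f['value']!r}")
```

Run it as a pre-import check on shared or exported templates and reject anything it flags; the `<b>` in the second widget is deliberately left unflagged to show the patterns target executable content rather than all markup, so tighten the list if the product's dashboards should never contain HTML at all.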
Evidence notes
CVE published 2025-08-12; modified 2026-01-14. Advisory ICSA-25-226-09 initially published 2025-08-12; CVE-2025-40890 added in Revision 3 dated 2026-01-13; republished by CISA 2026-01-14. Source: CISA CSAF advisory with Siemens ProductCERT SSA-978177 as canonical source.
Official resources
- CVE-2025-40890 CVE record (CVE.org)
- CVE-2025-40890 NVD detail (NVD)
- Source item URL (cisa_csaf)
2025-08-12