PatchSiren

CVE-2025-40892 Siemens CVE debrief

CVE-2025-40892 is a stored cross-site scripting flaw in the Reports functionality of Siemens RUGGEDCOM APE1808 devices. The issue is caused by improper validation of an input parameter. An attacker with report privileges can store a malicious payload in a report, or a victim can be tricked into importing a malicious report template. When the report is viewed or imported, the script runs in the victim’s browser context and can be used to perform unauthorized actions, affect availability, and access limited sensitive information.

Vendor: Siemens
Product: RUGGEDCOM APE1808
CVSS: HIGH 8.9
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-01-13
Original CVE updated: 2026-05-14
Advisory published: 2026-01-13
Advisory updated: 2026-05-14

Who should care

OT and security teams responsible for Siemens RUGGEDCOM APE1808 deployments, especially administrators who manage report creation/import permissions and users who may view or import report templates.

Technical summary

The supplied advisory describes a stored XSS condition in the Reports feature. The attacker path requires either authenticated report privileges or social engineering that leads a victim to import a malicious report template. Because the payload executes in the browser context of the victim, impact can include unauthorized actions performed as that user, modification of application data, disruption of application availability, and exposure of limited sensitive information. The source corpus assigns CVSS 3.1 vector CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:H, reflecting network reachability, low attack complexity, low required privileges, required user interaction, changed scope, low confidentiality impact, and high integrity/availability impact.

Defensive priority

High

Recommended defensive actions

  • Apply the vendor remediation guidance from the advisory corpus: upgrade to v26.2.0 and contact customer support for patch/update information.
  • Restrict report creation, editing, and import privileges to only the users who truly need them.
  • Treat imported report templates as untrusted content and review them before use.
  • Monitor for suspicious or unexpected report creation, modification, and import activity.
  • Use defense-in-depth controls recommended by CISA for industrial control systems, including least privilege and user awareness for social-engineering delivery paths.

Evidence notes

This debrief is based on the supplied CISA CSAF advisory ICSA-26-015-07 and its cited Siemens ProductCERT sources. The advisory was first published on 2026-01-13 and last updated on 2026-05-14 in the supplied corpus. The description, impact, and remediation language are taken from the source item. The corpus does not include a KEV listing for this CVE. The remediation text in the source corpus names v26.2.0; confirm applicability against the vendor advisory for this product line before deploying changes.

Official resources

Publicly disclosed in the supplied vendor/CISA advisory corpus on 2026-01-13, with the latest republication update in the corpus dated 2026-05-14. No KEV entry is provided in the supplied data.