PatchSiren cyber security CVE debrief
CVE-2025-40898 Siemens CVE debrief
CVE-2025-40898 affects Siemens RUGGEDCOM APE1808 devices and is rated HIGH (CVSS 8.1). The issue is a path traversal weakness in the Import Arc data archive feature: an authenticated user with limited privileges can upload a specially crafted archive and potentially write arbitrary files to arbitrary paths. In practice, that can alter device configuration and may affect availability.
- Vendor: Siemens
- Product: RUGGEDCOM APE1808
- CVSS: HIGH 8.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-01-13
- Original CVE updated: 2026-05-14
- Advisory published: 2026-01-13
- Advisory updated: 2026-05-14
Who should care
OT and industrial-control system operators using Siemens RUGGEDCOM APE1808, especially teams that allow authenticated users to import Arc data archives. Security, platform, and incident-response teams should treat this as a configuration-integrity and availability risk.
Technical summary
The advisory describes insufficient validation of the uploaded Arc data archive in the Import Arc data archive functionality. Because the archive content is not adequately constrained, a low-privilege authenticated user may be able to traverse directories during extraction and place files outside the intended location. The reported impact is arbitrary file write, with downstream effects including configuration tampering and service disruption. The supplied CVSS vector is AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H.
Defensive priority
High. The combination of authenticated access, arbitrary file write, and potential impact to device configuration and availability makes this a priority remediation item for exposed or operationally critical deployments.
Recommended defensive actions
- Apply the vendor-provided fix referenced in Siemens ProductCERT SSA-827968 / CISA ICSA-26-015-07 as soon as operationally feasible.
- Restrict access to archive import functions to trusted administrators only and review who can perform import operations.
- Treat imported Arc archives as untrusted input; validate files before import and monitor for unexpected paths or filenames.
- Back up device configurations before remediation and verify configuration integrity after any archive import activity.
- Monitor for unauthorized configuration changes, anomalous file creation, and availability degradation on affected devices.
- Follow Siemens and CISA industrial-control-system hardening and defense-in-depth guidance for segmentation, least privilege, and monitoring.
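The technical summary above describes the classic archive path-traversal pattern: entry names inside the uploaded archive are trusted, so an entry such as `../../etc/x` or an absolute path is written outside the intended import directory. The following pre-import check is an added example, not code from Siemens, CISA or the RUGGEDCOM product. It assumes the Arc data archive is a ZIP container (an assumption; swap the reader if the real format differs) and shows the validation step recommended above: every entry name is normalised, rejected if it is absolute or contains a parent-directory component, and finally checked against the resolved destination root before anything is extracted. The sample archives are constructed inline.

```python
"""Pre-import path-traversal check for uploaded archives (added example).

Assumption: the archive is a ZIP container. Nothing here is vendor code.
"""
import io
import os
import tempfile
import zipfile


def find_unsafe_entries(archive_bytes: bytes, dest_dir: str) -> list[tuple[str, str]]:
    """Return (entry_name, reason) for every entry that would land outside dest_dir."""
    dest_root = os.path.realpath(dest_dir)
    unsafe = []
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for info in zf.infolist():
            name = info.filename
            # Normalise separators so backslash traversal is caught on POSIX hosts too.
            posix_name = name.replace("\\", "/")
            # Absolute POSIX path, or a Windows drive-letter path such as "C:/..."
            if (posix_name.startswith("/") or os.path.isabs(posix_name)
                    or (len(posix_name) > 1 and posix_name[1] == ":")):
                unsafe.append((name, "absolute path"))
                continue
            if ".." in posix_name.split("/"):
                unsafe.append((name, "parent-directory traversal"))
                continue
            # Belt and braces: resolve the final path and confirm it stays under the root.
            target = os.path.realpath(os.path.join(dest_root, posix_name))
            if os.path.commonpath([dest_root, target]) != dest_root:
                unsafe.append((name, "resolves outside destination"))
    return unsafe


def safe_import(archive_bytes: bytes, dest_dir: str) -> list[str]:
    """Extract only when every entry passes the check; otherwise refuse the whole archive."""
    problems = find_unsafe_entries(archive_bytes, dest_dir)
    if problems:
        raise ValueError(f"refusing archive, unsafe entries: {problems}")
    dest_root = os.path.realpath(dest_dir)
    written = []
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            out_path = os.path.join(dest_root, info.filename)
            os.makedirs(os.path.dirname(out_path), exist_ok=True)
            with zf.open(info) as src, open(out_path, "wb") as dst:
                dst.write(src.read())
            written.append(os.path.relpath(out_path, dest_root))
    return written


def build_archive(entries: dict[str, bytes]) -> bytes:
    """Build an in-memory ZIP from a name -> content mapping (test helper)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed sample archives; the entry names are illustrative, not real Arc data.
CLEAN_ARCHIVE = build_archive({"arc/config/settings.txt": b"mode=normal\n"})
HOSTILE_ARCHIVE = build_archive({
    "arc/config/settings.txt": b"mode=normal\n",
    "../../etc/overwrite.conf": b"tampered\n",     # parent-directory traversal
    "/etc/overwrite2.conf": b"tampered\n",         # absolute path
    "arc/..\\..\\escape.txt": b"tampered\n",       # backslash traversal
})


def run_demo() -> dict:
    """Validate both archives against a temporary import directory."""
    with tempfile.TemporaryDirectory() as dest:
        hostile = find_unsafe_entries(HOSTILE_ARCHIVE, dest)
        refused = False
        try:
            safe_import(HOSTILE_ARCHIVE, dest)
        except ValueError:
            refused = True
        written = safe_import(CLEAN_ARCHIVE, dest)
    return {"hostile": hostile, "refused": refused, "written": written}


if __name__ == "__main__":
    print(run_demo())
```

The whole-archive refusal is deliberate: extracting the safe entries and skipping the rest would still let a tampered archive change device state partially, and the flagged entry names are exactly what the monitoring item above should log. The check does not cover symbolic-link entries; a format that can carry symlinks needs an additional per-entry type check.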
Evidence notes
This debrief is based only on the supplied CISA CSAF advisory data for ICSA-26-015-07 / CVE-2025-40898 and the included official references. The advisory publication date is 2026-01-13 and the latest provided update is 2026-05-14. No CISA KEV entry is indicated in the supplied corpus. The source remediation field contains a product-name inconsistency (it references Nozomi Guardian v26.2.0 while the advisory product is Siemens RUGGEDCOM APE1808), so remediation details should be verified against the vendor advisory before acting on them.
Official resources
- CVE-2025-40898 CVE record (CVE.org)
- CVE-2025-40898 NVD detail (NVD)
- Source item URL (cisa_csaf)
Publicly disclosed by CISA in CSAF advisory ICSA-26-015-07 on 2026-01-13, with later republication updates through 2026-05-14, based on Siemens ProductCERT SSA-827968.