← Back to home
ICSA-26-134-08  ·  Published 2026-05-14  ·  View on CISA ICS-CERT ↗

Siemens Siemens ROS#

CVSS 9.1 CRITICAL

Risk Summary

ROS# contains a ROS service file_server, that before version 2.2.2 contains a path traversal vulnerability which could allow an attacker to access, i.e. read and write, arbitrary files, which are accessible with the user rights of the user that runs the service, on the system that hosts service. Siemens has released a new version for ROS# and recommends to update to the latest version.

CVEs (1)

Remediations

  • For versions before 2.2.2: - run file_server on a trusted network only. - run file_server with appropriate user rights. - run file_server only for tasks it was designed for, transferring URDF files from ROS host to target system, not as a service that runs continuously in the background. - run file_server only if manually transferring files is not possible.
  • Update to V2.2.2 or later version

Affected Vendors

Siemens

Affected Products (1)

Siemens · ROS# vers:intdot/<2.2.2

Affected Sectors

Critical Manufacturing

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more