CVE-2026-41918
Description
RUGGEDCOM RST2428P devices store sensitive info in browser cache, allowing authenticated attackers to access it.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
RUGGEDCOM RST2428P devices store sensitive info in browser cache, allowing authenticated attackers to access it.
Vulnerability
A vulnerability exists in RUGGEDCOM RST2428P (6GK6242-6PA00) devices, affecting all versions prior to V4.0. The application stores sensitive information within the browser cache when an authenticated user modifies specific configurations.
Exploitation
An authenticated attacker can exploit this vulnerability by accessing the browser cache of a user who has previously modified configurations on the affected device. No other specific conditions or steps are disclosed in the available references.
Impact
Successful exploitation allows an authenticated attacker to access sensitive data that has been stored in the browser cache. The scope and specific nature of the sensitive data are not detailed in the available references.
Mitigation
Siemens has released version V4.0 as a remediation for this vulnerability. The release date for V4.0 is not specified in the available references. Users are advised to update to V4.0 or later to address the vulnerability [1].
AI Insight generated on Jun 2, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1- Range: <V4.0
Patches
0No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
1News mentions
0No linked articles in our index yet.