Vulnerability-Lookup

CNVD-2026-13780

Vulnerability from cnvd - Published: 2026-03-17

Title

Siemens SINAMICS G220、SINAMICS S210和SINAMICS S200权限提升漏洞

Description

SINAMICS G220‌是西门子（Siemens）推出的一款‌高性能单轴变频驱动器。SINAMICS S210是西门子推出的一款‌高性能单轴伺服驱动系统。SINAMICS S200‌是西门子推出的一款面向标准自动化应用的‌高性能、高性价比单轴交流伺服驱动系统。 Siemens SINAMICS G220 、SINAMICS S210和SINAMICS S200存在权限提升漏洞，攻击者可利用漏洞提升权限。

Severity

中

Patch Name

Siemens SINAMICS G220、SINAMICS S210和SINAMICS S200权限提升漏洞的补丁

Patch Description

Formal description

目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： https://cert-portal.siemens.com/productcert/html/ssa-027652.html

Reference

https://cert-portal.siemens.com/productcert/html/ssa-027652.html

Impacted products

Name
['Siemens SINAMICS G220 <V6.4 HF2', 'Siemens SINAMICS S200 <V6.4 HF7', 'Siemens SINAMICS S210 <V6.4 HF2']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2025-40594",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2025-40594"
    }
  },
  "description": "SINAMICS G220\u200c\u662f\u897f\u95e8\u5b50\uff08Siemens\uff09\u63a8\u51fa\u7684\u4e00\u6b3e\u200c\u9ad8\u6027\u80fd\u5355\u8f74\u53d8\u9891\u9a71\u52a8\u5668\u3002SINAMICS S210\u662f\u897f\u95e8\u5b50\u63a8\u51fa\u7684\u4e00\u6b3e\u200c\u9ad8\u6027\u80fd\u5355\u8f74\u4f3a\u670d\u9a71\u52a8\u7cfb\u7edf\u3002SINAMICS S200\u200c\u662f\u897f\u95e8\u5b50\u63a8\u51fa\u7684\u4e00\u6b3e\u9762\u5411\u6807\u51c6\u81ea\u52a8\u5316\u5e94\u7528\u7684\u200c\u9ad8\u6027\u80fd\u3001\u9ad8\u6027\u4ef7\u6bd4\u5355\u8f74\u4ea4\u6d41\u4f3a\u670d\u9a71\u52a8\u7cfb\u7edf\u3002\n\nSiemens SINAMICS G220 \u3001SINAMICS S210\u548cSINAMICS S200\u5b58\u5728\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u63d0\u5347\u6743\u9650\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\nhttps://cert-portal.siemens.com/productcert/html/ssa-027652.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2026-13780",
  "openTime": "2026-03-17",
  "patchDescription": "SINAMICS G220\u200c\u662f\u897f\u95e8\u5b50\uff08Siemens\uff09\u63a8\u51fa\u7684\u4e00\u6b3e\u200c\u9ad8\u6027\u80fd\u5355\u8f74\u53d8\u9891\u9a71\u52a8\u5668\u3002SINAMICS S210\u662f\u897f\u95e8\u5b50\u63a8\u51fa\u7684\u4e00\u6b3e\u200c\u9ad8\u6027\u80fd\u5355\u8f74\u4f3a\u670d\u9a71\u52a8\u7cfb\u7edf\u3002SINAMICS S200\u200c\u662f\u897f\u95e8\u5b50\u63a8\u51fa\u7684\u4e00\u6b3e\u9762\u5411\u6807\u51c6\u81ea\u52a8\u5316\u5e94\u7528\u7684\u200c\u9ad8\u6027\u80fd\u3001\u9ad8\u6027\u4ef7\u6bd4\u5355\u8f74\u4ea4\u6d41\u4f3a\u670d\u9a71\u52a8\u7cfb\u7edf\u3002\r\n\r\nSiemens SINAMICS G220 \u3001SINAMICS S210\u548cSINAMICS S200\u5b58\u5728\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u63d0\u5347\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Siemens SINAMICS G220\u3001SINAMICS S210\u548cSINAMICS S200\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Siemens SINAMICS G220 \u003cV6.4 HF2",
      "Siemens SINAMICS S200 \u003cV6.4 HF7",
      "Siemens SINAMICS S210 \u003cV6.4 HF2"
    ]
  },
  "referenceLink": "https://cert-portal.siemens.com/productcert/html/ssa-027652.html",
  "serverity": "\u4e2d",
  "submitTime": "2025-09-11",
  "title": "Siemens SINAMICS G220\u3001SINAMICS S210\u548cSINAMICS S200\u6743\u9650\u63d0\u5347\u6f0f\u6d1e"
}

CVE-2025-40594 (GCVE-0-2025-40594)

Vulnerability from cvelistv5 – Published: 2025-09-09 08:47 – Updated: 2026-03-10 16:07

Summary

A vulnerability has been identified in SINAMICS G220 V6.4 (All versions < V6.4 HF2), SINAMICS S200 V6.4 (All versions < V6.4 HF7), SINAMICS S210 V6.4 (All versions < V6.4 HF2). The affected devices allow a factory reset to be executed without the required privileges due to improper privilege management as well as manipulation of configuration data because of leaked privileges of previous sessions. This could allow an unauthorized attacker to escalate their privileges.

Severity ?

6.3 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:L

6.9 (Medium)


                        
                          CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:A/VC:N/VI:H/VA:L/SC:N/SI:H/SA:L

CWE

CWE-269 - Improper Privilege Management

Assigner

siemens

References

URL

Tags

https://cert-portal.siemens.com/productcert/html/…

Impacted products

Vendor

Product

Version

Siemens

SINAMICS G220 V6.4

Affected: 0 , < V6.4 HF2 (custom)

	Siemens	SINAMICS S200 V6.4	Affected: 0 , < V6.4 HF7 (custom)
	Siemens	SINAMICS S210 V6.4	Affected: 0 , < V6.4 HF2 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-40594",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-09T19:35:59.919331Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-09T19:36:11.082Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS G220 V6.4",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.4 HF2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS S200 V6.4",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.4 HF7",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS S210 V6.4",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.4 HF2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in SINAMICS G220 V6.4 (All versions \u003c V6.4 HF2), SINAMICS S200 V6.4 (All versions \u003c V6.4 HF7), SINAMICS S210 V6.4 (All versions \u003c V6.4 HF2). The affected devices allow a factory reset to be executed without the required privileges due to improper privilege management as well as manipulation of configuration data because of leaked privileges of previous sessions. This could allow an unauthorized attacker to escalate their privileges."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:L",
            "version": "3.1"
          }
        },
        {
          "cvssV4_0": {
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:A/VC:N/VI:H/VA:L/SC:N/SI:H/SA:L",
            "version": "4.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "CWE-269: Improper Privilege Management",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-10T16:07:46.657Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-027652.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2025-40594",
    "datePublished": "2025-09-09T08:47:57.771Z",
    "dateReserved": "2025-04-16T08:20:17.034Z",
    "dateUpdated": "2026-03-10T16:07:46.657Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2026-13780

CVE-2025-40594 (GCVE-0-2025-40594)

Tags

Sightings

Nomenclature