Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-40944 (GCVE-0-2025-40944)
Vulnerability from cvelistv5 – Published: 2026-01-13 09:44 – Updated: 2026-01-13 17:21
VLAI?
EPSS
Summary
A vulnerability has been identified in SIMATIC ET 200AL IM 157-1 PN (6ES7157-1AB00-0AB0) (All versions), SIMATIC ET 200MP IM 155-5 PN HF (6ES7155-5AA00-0AC0) (All versions >= V4.2.0), SIMATIC ET 200SP IM 155-6 MF HF (6ES7155-6MU00-0CN0) (All versions), SIMATIC ET 200SP IM 155-6 PN HA (incl. SIPLUS variants) (All versions < V1.3), SIMATIC ET 200SP IM 155-6 PN R1 (6ES7155-6AU00-0HM0) (All versions < V6.0.1), SIMATIC ET 200SP IM 155-6 PN/2 HF (6ES7155-6AU01-0CN0) (All versions >= V4.2.0), SIMATIC ET 200SP IM 155-6 PN/3 HF (6ES7155-6AU30-0CN0) (All versions < V4.2.2), SIMATIC PN/MF Coupler (6ES7158-3MU10-0XA0) (All versions), SIMATIC PN/PN Coupler (6ES7158-3AD10-0XA0) (All versions < V6.0.0), SIPLUS ET 200MP IM 155-5 PN HF (6AG1155-5AA00-2AC0) (All versions >= V4.2.0), SIPLUS ET 200MP IM 155-5 PN HF (6AG1155-5AA00-7AC0) (All versions >= V4.2.0), SIPLUS ET 200MP IM 155-5 PN HF T1 RAIL (6AG2155-5AA00-1AC0) (All versions >= V4.2.0), SIPLUS ET 200SP IM 155-6 PN HF (6AG1155-6AU01-2CN0) (All versions >= V4.2.0), SIPLUS ET 200SP IM 155-6 PN HF (6AG1155-6AU01-7CN0) (All versions >= V4.2.0), SIPLUS ET 200SP IM 155-6 PN HF T1 RAIL (6AG2155-6AU01-1CN0) (All versions >= V4.2.0), SIPLUS ET 200SP IM 155-6 PN HF TX RAIL (6AG2155-6AU01-4CN0) (All versions >= V4.2.0), SIPLUS NET PN/PN Coupler (6AG2158-3AD10-4XA0) (All versions < V6.0.0). Affected devices do not properly handle S7 protocol session disconnect requests. When receiving a valid S7 protocol Disconnect Request (COTP DR TPDU) on TCP port 102, the devices enter an improper session state.
This could allow an attacker to cause the device to become unresponsive, leading to a denial-of-service condition that requires a power cycle to restore normal operation.
Severity ?
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-40944",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-13T17:20:16.564311Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-13T17:21:36.848Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200AL IM 157-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200MP IM 155-5 PN HF",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V4.2.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200SP IM 155-6 MF HF",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200SP IM 155-6 PN HA (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V1.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200SP IM 155-6 PN R1",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.0.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200SP IM 155-6 PN/2 HF",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V4.2.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200SP IM 155-6 PN/3 HF",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC PN/MF Coupler",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC PN/PN Coupler",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200MP IM 155-5 PN HF",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V4.2.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200MP IM 155-5 PN HF",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V4.2.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200MP IM 155-5 PN HF T1 RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V4.2.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP IM 155-6 PN HF",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V4.2.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP IM 155-6 PN HF",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V4.2.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP IM 155-6 PN HF T1 RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V4.2.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP IM 155-6 PN HF TX RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V4.2.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS NET PN/PN Coupler",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC ET 200AL IM 157-1 PN (6ES7157-1AB00-0AB0) (All versions), SIMATIC ET 200MP IM 155-5 PN HF (6ES7155-5AA00-0AC0) (All versions \u003e= V4.2.0), SIMATIC ET 200SP IM 155-6 MF HF (6ES7155-6MU00-0CN0) (All versions), SIMATIC ET 200SP IM 155-6 PN HA (incl. SIPLUS variants) (All versions \u003c V1.3), SIMATIC ET 200SP IM 155-6 PN R1 (6ES7155-6AU00-0HM0) (All versions \u003c V6.0.1), SIMATIC ET 200SP IM 155-6 PN/2 HF (6ES7155-6AU01-0CN0) (All versions \u003e= V4.2.0), SIMATIC ET 200SP IM 155-6 PN/3 HF (6ES7155-6AU30-0CN0) (All versions \u003c V4.2.2), SIMATIC PN/MF Coupler (6ES7158-3MU10-0XA0) (All versions), SIMATIC PN/PN Coupler (6ES7158-3AD10-0XA0) (All versions \u003c V6.0.0), SIPLUS ET 200MP IM 155-5 PN HF (6AG1155-5AA00-2AC0) (All versions \u003e= V4.2.0), SIPLUS ET 200MP IM 155-5 PN HF (6AG1155-5AA00-7AC0) (All versions \u003e= V4.2.0), SIPLUS ET 200MP IM 155-5 PN HF T1 RAIL (6AG2155-5AA00-1AC0) (All versions \u003e= V4.2.0), SIPLUS ET 200SP IM 155-6 PN HF (6AG1155-6AU01-2CN0) (All versions \u003e= V4.2.0), SIPLUS ET 200SP IM 155-6 PN HF (6AG1155-6AU01-7CN0) (All versions \u003e= V4.2.0), SIPLUS ET 200SP IM 155-6 PN HF T1 RAIL (6AG2155-6AU01-1CN0) (All versions \u003e= V4.2.0), SIPLUS ET 200SP IM 155-6 PN HF TX RAIL (6AG2155-6AU01-4CN0) (All versions \u003e= V4.2.0), SIPLUS NET PN/PN Coupler (6AG2158-3AD10-4XA0) (All versions \u003c V6.0.0). Affected devices do not properly handle S7 protocol session disconnect requests. When receiving a valid S7 protocol Disconnect Request (COTP DR TPDU) on TCP port 102, the devices enter an improper session state.\r\n\r\nThis could allow an attacker to cause the device to become unresponsive, leading to a denial-of-service condition that requires a power cycle to restore normal operation."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-13T09:44:05.792Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-674753.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2025-40944",
"datePublished": "2026-01-13T09:44:05.792Z",
"dateReserved": "2025-04-16T09:06:15.879Z",
"dateUpdated": "2026-01-13T17:21:36.848Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-40944\",\"sourceIdentifier\":\"productcert@siemens.com\",\"published\":\"2026-01-13T10:15:58.457\",\"lastModified\":\"2026-01-13T14:03:18.990\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability has been identified in SIMATIC ET 200AL IM 157-1 PN (6ES7157-1AB00-0AB0) (All versions), SIMATIC ET 200MP IM 155-5 PN HF (6ES7155-5AA00-0AC0) (All versions \u003e= V4.2.0), SIMATIC ET 200SP IM 155-6 MF HF (6ES7155-6MU00-0CN0) (All versions), SIMATIC ET 200SP IM 155-6 PN HA (incl. SIPLUS variants) (All versions \u003c V1.3), SIMATIC ET 200SP IM 155-6 PN R1 (6ES7155-6AU00-0HM0) (All versions \u003c V6.0.1), SIMATIC ET 200SP IM 155-6 PN/2 HF (6ES7155-6AU01-0CN0) (All versions \u003e= V4.2.0), SIMATIC ET 200SP IM 155-6 PN/3 HF (6ES7155-6AU30-0CN0) (All versions \u003c V4.2.2), SIMATIC PN/MF Coupler (6ES7158-3MU10-0XA0) (All versions), SIMATIC PN/PN Coupler (6ES7158-3AD10-0XA0) (All versions \u003c V6.0.0), SIPLUS ET 200MP IM 155-5 PN HF (6AG1155-5AA00-2AC0) (All versions \u003e= V4.2.0), SIPLUS ET 200MP IM 155-5 PN HF (6AG1155-5AA00-7AC0) (All versions \u003e= V4.2.0), SIPLUS ET 200MP IM 155-5 PN HF T1 RAIL (6AG2155-5AA00-1AC0) (All versions \u003e= V4.2.0), SIPLUS ET 200SP IM 155-6 PN HF (6AG1155-6AU01-2CN0) (All versions \u003e= V4.2.0), SIPLUS ET 200SP IM 155-6 PN HF (6AG1155-6AU01-7CN0) (All versions \u003e= V4.2.0), SIPLUS ET 200SP IM 155-6 PN HF T1 RAIL (6AG2155-6AU01-1CN0) (All versions \u003e= V4.2.0), SIPLUS ET 200SP IM 155-6 PN HF TX RAIL (6AG2155-6AU01-4CN0) (All versions \u003e= V4.2.0), SIPLUS NET PN/PN Coupler (6AG2158-3AD10-4XA0) (All versions \u003c V6.0.0). Affected devices do not properly handle S7 protocol session disconnect requests. When receiving a valid S7 protocol Disconnect Request (COTP DR TPDU) on TCP port 102, the devices enter an improper session state.\\r\\n\\r\\nThis could allow an attacker to cause the device to become unresponsive, leading to a denial-of-service condition that requires a power cycle to restore normal operation.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"productcert@siemens.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":8.7,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"productcert@siemens.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"productcert@siemens.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-400\"}]}],\"references\":[{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-674753.html\",\"source\":\"productcert@siemens.com\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-40944\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-01-13T17:20:16.564311Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-01-13T17:21:33.216Z\"}}], \"cna\": {\"metrics\": [{\"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\"}}, {\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 8.7, \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N\"}}], \"affected\": [{\"vendor\": \"Siemens\", \"product\": \"SIMATIC ET 200AL IM 157-1 PN\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC ET 200MP IM 155-5 PN HF\", \"versions\": [{\"status\": \"affected\", \"version\": \"V4.2.0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC ET 200SP IM 155-6 MF HF\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC ET 200SP IM 155-6 PN HA (incl. SIPLUS variants)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V1.3\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC ET 200SP IM 155-6 PN R1\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V6.0.1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC ET 200SP IM 155-6 PN/2 HF\", \"versions\": [{\"status\": \"affected\", \"version\": \"V4.2.0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC ET 200SP IM 155-6 PN/3 HF\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.2.2\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC PN/MF Coupler\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC PN/PN Coupler\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V6.0.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS ET 200MP IM 155-5 PN HF\", \"versions\": [{\"status\": \"affected\", \"version\": \"V4.2.0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS ET 200MP IM 155-5 PN HF\", \"versions\": [{\"status\": \"affected\", \"version\": \"V4.2.0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS ET 200MP IM 155-5 PN HF T1 RAIL\", \"versions\": [{\"status\": \"affected\", \"version\": \"V4.2.0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS ET 200SP IM 155-6 PN HF\", \"versions\": [{\"status\": \"affected\", \"version\": \"V4.2.0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS ET 200SP IM 155-6 PN HF\", \"versions\": [{\"status\": \"affected\", \"version\": \"V4.2.0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS ET 200SP IM 155-6 PN HF T1 RAIL\", \"versions\": [{\"status\": \"affected\", \"version\": \"V4.2.0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS ET 200SP IM 155-6 PN HF TX RAIL\", \"versions\": [{\"status\": \"affected\", \"version\": \"V4.2.0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS NET PN/PN Coupler\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V6.0.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"references\": [{\"url\": \"https://cert-portal.siemens.com/productcert/html/ssa-674753.html\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability has been identified in SIMATIC ET 200AL IM 157-1 PN (6ES7157-1AB00-0AB0) (All versions), SIMATIC ET 200MP IM 155-5 PN HF (6ES7155-5AA00-0AC0) (All versions \u003e= V4.2.0), SIMATIC ET 200SP IM 155-6 MF HF (6ES7155-6MU00-0CN0) (All versions), SIMATIC ET 200SP IM 155-6 PN HA (incl. SIPLUS variants) (All versions \u003c V1.3), SIMATIC ET 200SP IM 155-6 PN R1 (6ES7155-6AU00-0HM0) (All versions \u003c V6.0.1), SIMATIC ET 200SP IM 155-6 PN/2 HF (6ES7155-6AU01-0CN0) (All versions \u003e= V4.2.0), SIMATIC ET 200SP IM 155-6 PN/3 HF (6ES7155-6AU30-0CN0) (All versions \u003c V4.2.2), SIMATIC PN/MF Coupler (6ES7158-3MU10-0XA0) (All versions), SIMATIC PN/PN Coupler (6ES7158-3AD10-0XA0) (All versions \u003c V6.0.0), SIPLUS ET 200MP IM 155-5 PN HF (6AG1155-5AA00-2AC0) (All versions \u003e= V4.2.0), SIPLUS ET 200MP IM 155-5 PN HF (6AG1155-5AA00-7AC0) (All versions \u003e= V4.2.0), SIPLUS ET 200MP IM 155-5 PN HF T1 RAIL (6AG2155-5AA00-1AC0) (All versions \u003e= V4.2.0), SIPLUS ET 200SP IM 155-6 PN HF (6AG1155-6AU01-2CN0) (All versions \u003e= V4.2.0), SIPLUS ET 200SP IM 155-6 PN HF (6AG1155-6AU01-7CN0) (All versions \u003e= V4.2.0), SIPLUS ET 200SP IM 155-6 PN HF T1 RAIL (6AG2155-6AU01-1CN0) (All versions \u003e= V4.2.0), SIPLUS ET 200SP IM 155-6 PN HF TX RAIL (6AG2155-6AU01-4CN0) (All versions \u003e= V4.2.0), SIPLUS NET PN/PN Coupler (6AG2158-3AD10-4XA0) (All versions \u003c V6.0.0). Affected devices do not properly handle S7 protocol session disconnect requests. When receiving a valid S7 protocol Disconnect Request (COTP DR TPDU) on TCP port 102, the devices enter an improper session state.\\r\\n\\r\\nThis could allow an attacker to cause the device to become unresponsive, leading to a denial-of-service condition that requires a power cycle to restore normal operation.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-400\", \"description\": \"CWE-400: Uncontrolled Resource Consumption\"}]}], \"providerMetadata\": {\"orgId\": \"cec7a2ec-15b4-4faf-bd53-b40f371f3a77\", \"shortName\": \"siemens\", \"dateUpdated\": \"2026-01-13T09:44:05.792Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-40944\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-01-13T17:21:36.848Z\", \"dateReserved\": \"2025-04-16T09:06:15.879Z\", \"assignerOrgId\": \"cec7a2ec-15b4-4faf-bd53-b40f371f3a77\", \"datePublished\": \"2026-01-13T09:44:05.792Z\", \"assignerShortName\": \"siemens\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
GHSA-VQMM-3555-WQ2Q
Vulnerability from github – Published: 2026-01-13 12:31 – Updated: 2026-01-13 12:31
VLAI?
Details
A vulnerability has been identified in SIMATIC ET 200AL IM 157-1 PN (6ES7157-1AB00-0AB0) (All versions), SIMATIC ET 200MP IM 155-5 PN HF (6ES7155-5AA00-0AC0) (All versions >= V4.2.0), SIMATIC ET 200SP IM 155-6 MF HF (6ES7155-6MU00-0CN0) (All versions), SIMATIC ET 200SP IM 155-6 PN HA (incl. SIPLUS variants) (All versions < V1.3), SIMATIC ET 200SP IM 155-6 PN R1 (6ES7155-6AU00-0HM0) (All versions < V6.0.1), SIMATIC ET 200SP IM 155-6 PN/2 HF (6ES7155-6AU01-0CN0) (All versions >= V4.2.0), SIMATIC ET 200SP IM 155-6 PN/3 HF (6ES7155-6AU30-0CN0) (All versions < V4.2.2), SIMATIC PN/MF Coupler (6ES7158-3MU10-0XA0) (All versions), SIMATIC PN/PN Coupler (6ES7158-3AD10-0XA0) (All versions < V6.0.0), SIPLUS ET 200MP IM 155-5 PN HF (6AG1155-5AA00-2AC0) (All versions >= V4.2.0), SIPLUS ET 200MP IM 155-5 PN HF (6AG1155-5AA00-7AC0) (All versions >= V4.2.0), SIPLUS ET 200MP IM 155-5 PN HF T1 RAIL (6AG2155-5AA00-1AC0) (All versions >= V4.2.0), SIPLUS ET 200SP IM 155-6 PN HF (6AG1155-6AU01-2CN0) (All versions >= V4.2.0), SIPLUS ET 200SP IM 155-6 PN HF (6AG1155-6AU01-7CN0) (All versions >= V4.2.0), SIPLUS ET 200SP IM 155-6 PN HF T1 RAIL (6AG2155-6AU01-1CN0) (All versions >= V4.2.0), SIPLUS ET 200SP IM 155-6 PN HF TX RAIL (6AG2155-6AU01-4CN0) (All versions >= V4.2.0), SIPLUS NET PN/PN Coupler (6AG2158-3AD10-4XA0) (All versions < V6.0.0). Affected devices do not properly handle S7 protocol session disconnect requests. When receiving a valid S7 protocol Disconnect Request (COTP DR TPDU) on TCP port 102, the devices enter an improper session state.
This could allow an attacker to cause the device to become unresponsive, leading to a denial-of-service condition that requires a power cycle to restore normal operation.
Severity ?
{
"affected": [],
"aliases": [
"CVE-2025-40944"
],
"database_specific": {
"cwe_ids": [
"CWE-400"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-13T10:15:58Z",
"severity": "HIGH"
},
"details": "A vulnerability has been identified in SIMATIC ET 200AL IM 157-1 PN (6ES7157-1AB00-0AB0) (All versions), SIMATIC ET 200MP IM 155-5 PN HF (6ES7155-5AA00-0AC0) (All versions \u003e= V4.2.0), SIMATIC ET 200SP IM 155-6 MF HF (6ES7155-6MU00-0CN0) (All versions), SIMATIC ET 200SP IM 155-6 PN HA (incl. SIPLUS variants) (All versions \u003c V1.3), SIMATIC ET 200SP IM 155-6 PN R1 (6ES7155-6AU00-0HM0) (All versions \u003c V6.0.1), SIMATIC ET 200SP IM 155-6 PN/2 HF (6ES7155-6AU01-0CN0) (All versions \u003e= V4.2.0), SIMATIC ET 200SP IM 155-6 PN/3 HF (6ES7155-6AU30-0CN0) (All versions \u003c V4.2.2), SIMATIC PN/MF Coupler (6ES7158-3MU10-0XA0) (All versions), SIMATIC PN/PN Coupler (6ES7158-3AD10-0XA0) (All versions \u003c V6.0.0), SIPLUS ET 200MP IM 155-5 PN HF (6AG1155-5AA00-2AC0) (All versions \u003e= V4.2.0), SIPLUS ET 200MP IM 155-5 PN HF (6AG1155-5AA00-7AC0) (All versions \u003e= V4.2.0), SIPLUS ET 200MP IM 155-5 PN HF T1 RAIL (6AG2155-5AA00-1AC0) (All versions \u003e= V4.2.0), SIPLUS ET 200SP IM 155-6 PN HF (6AG1155-6AU01-2CN0) (All versions \u003e= V4.2.0), SIPLUS ET 200SP IM 155-6 PN HF (6AG1155-6AU01-7CN0) (All versions \u003e= V4.2.0), SIPLUS ET 200SP IM 155-6 PN HF T1 RAIL (6AG2155-6AU01-1CN0) (All versions \u003e= V4.2.0), SIPLUS ET 200SP IM 155-6 PN HF TX RAIL (6AG2155-6AU01-4CN0) (All versions \u003e= V4.2.0), SIPLUS NET PN/PN Coupler (6AG2158-3AD10-4XA0) (All versions \u003c V6.0.0). Affected devices do not properly handle S7 protocol session disconnect requests. When receiving a valid S7 protocol Disconnect Request (COTP DR TPDU) on TCP port 102, the devices enter an improper session state.\n\nThis could allow an attacker to cause the device to become unresponsive, leading to a denial-of-service condition that requires a power cycle to restore normal operation.",
"id": "GHSA-vqmm-3555-wq2q",
"modified": "2026-01-13T12:31:13Z",
"published": "2026-01-13T12:31:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40944"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-674753.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
SSA-674753
Vulnerability from csaf_siemens - Published: 2026-01-13 00:00 - Updated: 2026-02-10 00:00Summary
SSA-674753: Denial-of-Service Vulnerability in ET 200 Devices
Notes
Summary
Siemens ET 200 devices contain a denial-of-service vulnerability that could be triggered by sending a valid S7 protocol Disconnect Request (COTP DR TPDU), causing the device to become unresponsive and require a power cycle to recover.
Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.
General Recommendations
As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.
Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity
Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use
The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited. (TLPv2: TLP:CLEAR)",
"tlp": {
"label": "WHITE"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Siemens ET 200 devices contain a denial-of-service vulnerability that could be triggered by sending a valid S7 protocol Disconnect Request (COTP DR TPDU), causing the device to become unresponsive and require a power cycle to recover.\n\nSiemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "productcert@siemens.com",
"name": "Siemens ProductCERT",
"namespace": "https://www.siemens.com"
},
"references": [
{
"category": "self",
"summary": "SSA-674753: Denial-of-Service Vulnerability in ET 200 Devices - HTML Version",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-674753.html"
},
{
"category": "self",
"summary": "SSA-674753: Denial-of-Service Vulnerability in ET 200 Devices - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-674753.json"
}
],
"title": "SSA-674753: Denial-of-Service Vulnerability in ET 200 Devices",
"tracking": {
"current_release_date": "2026-02-10T00:00:00Z",
"generator": {
"engine": {
"name": "Siemens ProductCERT CSAF Generator",
"version": "1"
}
},
"id": "SSA-674753",
"initial_release_date": "2026-01-13T00:00:00Z",
"revision_history": [
{
"date": "2026-01-13T00:00:00Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
},
{
"date": "2026-02-10T00:00:00Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Added Researcher to Acknowledgements"
}
],
"status": "interim",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIMATIC ET 200AL IM 157-1 PN (6ES7157-1AB00-0AB0)",
"product_id": "1",
"product_identification_helper": {
"model_numbers": [
"6ES7157-1AB00-0AB0"
]
}
}
}
],
"category": "product_name",
"name": "SIMATIC ET 200AL IM 157-1 PN (6ES7157-1AB00-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003e=4.2.0",
"product": {
"name": "SIMATIC ET 200MP IM 155-5 PN HF (6ES7155-5AA00-0AC0)",
"product_id": "2",
"product_identification_helper": {
"model_numbers": [
"6ES7155-5AA00-0AC0"
]
}
}
}
],
"category": "product_name",
"name": "SIMATIC ET 200MP IM 155-5 PN HF (6ES7155-5AA00-0AC0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIMATIC ET 200SP IM 155-6 MF HF (6ES7155-6MU00-0CN0)",
"product_id": "3",
"product_identification_helper": {
"model_numbers": [
"6ES7155-6MU00-0CN0"
]
}
}
}
],
"category": "product_name",
"name": "SIMATIC ET 200SP IM 155-6 MF HF (6ES7155-6MU00-0CN0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003c1.3",
"product": {
"name": "SIMATIC ET 200SP IM 155-6 PN HA (incl. SIPLUS variants)",
"product_id": "4"
}
}
],
"category": "product_name",
"name": "SIMATIC ET 200SP IM 155-6 PN HA (incl. SIPLUS variants)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003c6.0.1",
"product": {
"name": "SIMATIC ET 200SP IM 155-6 PN R1 (6ES7155-6AU00-0HM0)",
"product_id": "5",
"product_identification_helper": {
"model_numbers": [
"6ES7155-6AU00-0HM0"
]
}
}
}
],
"category": "product_name",
"name": "SIMATIC ET 200SP IM 155-6 PN R1 (6ES7155-6AU00-0HM0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003e=4.2.0",
"product": {
"name": "SIMATIC ET 200SP IM 155-6 PN/2 HF (6ES7155-6AU01-0CN0)",
"product_id": "6",
"product_identification_helper": {
"model_numbers": [
"6ES7155-6AU01-0CN0"
]
}
}
}
],
"category": "product_name",
"name": "SIMATIC ET 200SP IM 155-6 PN/2 HF (6ES7155-6AU01-0CN0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003c4.2.2",
"product": {
"name": "SIMATIC ET 200SP IM 155-6 PN/3 HF (6ES7155-6AU30-0CN0)",
"product_id": "7",
"product_identification_helper": {
"model_numbers": [
"6ES7155-6AU30-0CN0"
]
}
}
}
],
"category": "product_name",
"name": "SIMATIC ET 200SP IM 155-6 PN/3 HF (6ES7155-6AU30-0CN0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIMATIC PN/MF Coupler (6ES7158-3MU10-0XA0)",
"product_id": "8",
"product_identification_helper": {
"model_numbers": [
"6ES7158-3MU10-0XA0"
]
}
}
}
],
"category": "product_name",
"name": "SIMATIC PN/MF Coupler (6ES7158-3MU10-0XA0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003c6.0.0",
"product": {
"name": "SIMATIC PN/PN Coupler (6ES7158-3AD10-0XA0)",
"product_id": "9",
"product_identification_helper": {
"model_numbers": [
"6ES7158-3AD10-0XA0"
]
}
}
}
],
"category": "product_name",
"name": "SIMATIC PN/PN Coupler (6ES7158-3AD10-0XA0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003e=4.2.0",
"product": {
"name": "SIPLUS ET 200MP IM 155-5 PN HF (6AG1155-5AA00-2AC0)",
"product_id": "10",
"product_identification_helper": {
"model_numbers": [
"6AG1155-5AA00-2AC0"
]
}
}
}
],
"category": "product_name",
"name": "SIPLUS ET 200MP IM 155-5 PN HF (6AG1155-5AA00-2AC0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003e=4.2.0",
"product": {
"name": "SIPLUS ET 200MP IM 155-5 PN HF (6AG1155-5AA00-7AC0)",
"product_id": "11",
"product_identification_helper": {
"model_numbers": [
"6AG1155-5AA00-7AC0"
]
}
}
}
],
"category": "product_name",
"name": "SIPLUS ET 200MP IM 155-5 PN HF (6AG1155-5AA00-7AC0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003e=4.2.0",
"product": {
"name": "SIPLUS ET 200MP IM 155-5 PN HF T1 RAIL (6AG2155-5AA00-1AC0)",
"product_id": "12",
"product_identification_helper": {
"model_numbers": [
"6AG2155-5AA00-1AC0"
]
}
}
}
],
"category": "product_name",
"name": "SIPLUS ET 200MP IM 155-5 PN HF T1 RAIL (6AG2155-5AA00-1AC0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003e=4.2.0",
"product": {
"name": "SIPLUS ET 200SP IM 155-6 PN HF (6AG1155-6AU01-2CN0)",
"product_id": "13",
"product_identification_helper": {
"model_numbers": [
"6AG1155-6AU01-2CN0"
]
}
}
}
],
"category": "product_name",
"name": "SIPLUS ET 200SP IM 155-6 PN HF (6AG1155-6AU01-2CN0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003e=4.2.0",
"product": {
"name": "SIPLUS ET 200SP IM 155-6 PN HF (6AG1155-6AU01-7CN0)",
"product_id": "14",
"product_identification_helper": {
"model_numbers": [
"6AG1155-6AU01-7CN0"
]
}
}
}
],
"category": "product_name",
"name": "SIPLUS ET 200SP IM 155-6 PN HF (6AG1155-6AU01-7CN0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003e=4.2.0",
"product": {
"name": "SIPLUS ET 200SP IM 155-6 PN HF T1 RAIL (6AG2155-6AU01-1CN0)",
"product_id": "15",
"product_identification_helper": {
"model_numbers": [
"6AG2155-6AU01-1CN0"
]
}
}
}
],
"category": "product_name",
"name": "SIPLUS ET 200SP IM 155-6 PN HF T1 RAIL (6AG2155-6AU01-1CN0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003e=4.2.0",
"product": {
"name": "SIPLUS ET 200SP IM 155-6 PN HF TX RAIL (6AG2155-6AU01-4CN0)",
"product_id": "16",
"product_identification_helper": {
"model_numbers": [
"6AG2155-6AU01-4CN0"
]
}
}
}
],
"category": "product_name",
"name": "SIPLUS ET 200SP IM 155-6 PN HF TX RAIL (6AG2155-6AU01-4CN0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003c6.0.0",
"product": {
"name": "SIPLUS NET PN/PN Coupler (6AG2158-3AD10-4XA0)",
"product_id": "17",
"product_identification_helper": {
"model_numbers": [
"6AG2158-3AD10-4XA0"
]
}
}
}
],
"category": "product_name",
"name": "SIPLUS NET PN/PN Coupler (6AG2158-3AD10-4XA0)"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-40944",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "summary",
"text": "Affected devices do not properly handle S7 protocol session disconnect requests. When receiving a valid S7 protocol Disconnect Request (COTP DR TPDU) on TCP port 102, the devices enter an improper session state.\r\n\r\nThis could allow an attacker to cause the device to become unresponsive, leading to a denial-of-service condition that requires a power cycle to restore normal operation.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11",
"12",
"13",
"14",
"15",
"16",
"17"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Filter the port 102 of the devices to only accepted connections to/from the IP addresses of machines that are trusted e.g. with an external firewall.",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11",
"12",
"13",
"14",
"15",
"16",
"17"
]
},
{
"category": "mitigation",
"details": "Restrict access to the network where S7 communication messages are exchanged.",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11",
"12",
"13",
"14",
"15",
"16",
"17"
]
},
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"1",
"2",
"3",
"6",
"8",
"10",
"11",
"12",
"13",
"14",
"15",
"16"
]
},
{
"category": "vendor_fix",
"details": "Update to V1.3 or later version",
"product_ids": [
"4"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109987451/"
},
{
"category": "vendor_fix",
"details": "Update to V4.2.2 or later version",
"product_ids": [
"7"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109769419/"
},
{
"category": "vendor_fix",
"details": "Update to V6.0.0 or later version",
"product_ids": [
"9",
"17"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109760973/"
},
{
"category": "vendor_fix",
"details": "Update to V6.0.1 or later version",
"product_ids": [
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109816000/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11",
"12",
"13",
"14",
"15",
"16",
"17"
]
}
],
"title": "CVE-2025-40944"
}
]
}
CERTFR-2026-AVI-0139
Vulnerability from certfr_avis - Published: 2026-02-10 - Updated: 2026-02-10
De multiples vulnérabilités ont été découvertes dans les produits Siemens. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Siemens | SIMATIC | SIMATIC ET 200SP IM 155-6 PN R1 (6ES7155-6AU00-0HM0) versions antérieures à 6.0.1 | ||
| Siemens | SIMATIC | SIMATIC ET 200SP IM 155-6 PN/3 HF (6ES7155-6AU30-0CN0) versions antérieures à 4.2.2 | ||
| Siemens | N/A | Desigo CC versions antérieures à V8.0 QU2 | ||
| Siemens | SIMATIC | SIMATIC PN/PN Coupler (6ES7158-3AD10-0XA0) versions antérieures à 6.0.0 | ||
| Siemens | SIMATIC | SIMATIC ET 200SP IM 155-6 PN HA (incl. SIPLUS variants) versions antérieures à 1.3 | ||
| Siemens | SIMATIC | SIMATIC ET 200MP IM 155-5 PN HF (6ES7155-5AA00-0AC0) versions supérieures ou égales à 4.2.0. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2025-40944. | ||
| Siemens | N/A | Desigo CC toutes versions | ||
| Siemens | SIMATIC | SIMATIC PN/MF Coupler (6ES7158-3MU10-0XA0) toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2025-40944. | ||
| Siemens | SIMATIC | SIMATIC ET 200SP IM 155-6 PN/2 HF (6ES7155-6AU01-0CN0) versions supérieures ou égales à 4.2.0. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2025-40944. | ||
| Siemens | SIMATIC | SIMATIC ET 200SP IM 155-6 MF HF (6ES7155-6MU00-0CN0) toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2025-40944. | ||
| Siemens | SIMATIC | SIMATIC ET 200AL IM 157-1 PN (6ES7157-1AB00-0AB0) toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2025-40944. |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SIMATIC ET 200SP IM 155-6 PN R1 (6ES7155-6AU00-0HM0) versions ant\u00e9rieures \u00e0 6.0.1",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ET 200SP IM 155-6 PN/3 HF (6ES7155-6AU30-0CN0) versions ant\u00e9rieures \u00e0 4.2.2",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Desigo CC versions ant\u00e9rieures \u00e0 V8.0 QU2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC PN/PN Coupler (6ES7158-3AD10-0XA0) versions ant\u00e9rieures \u00e0 6.0.0",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ET 200SP IM 155-6 PN HA (incl. SIPLUS variants) versions ant\u00e9rieures \u00e0 1.3",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ET 200MP IM 155-5 PN HF (6ES7155-5AA00-0AC0) versions sup\u00e9rieures ou \u00e9gales \u00e0 4.2.0. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2025-40944.",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Desigo CC toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC PN/MF Coupler (6ES7158-3MU10-0XA0) toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2025-40944.",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ET 200SP IM 155-6 PN/2 HF (6ES7155-6AU01-0CN0) versions sup\u00e9rieures ou \u00e9gales \u00e0 4.2.0. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2025-40944.",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ET 200SP IM 155-6 MF HF (6ES7155-6MU00-0CN0) toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2025-40944.",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ET 200AL IM 157-1 PN (6ES7157-1AB00-0AB0) toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2025-40944.",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-40944",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40944"
},
{
"name": "CVE-2023-38545",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38545"
}
],
"initial_release_date": "2026-02-10T00:00:00",
"last_revision_date": "2026-02-10T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0139",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-02-10T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Siemens. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
"vendor_advisories": [
{
"published_at": "2026-02-10",
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-507364",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-507364.html"
},
{
"published_at": "2026-02-10",
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssb-491780",
"url": "https://cert-portal.siemens.com/productcert/html/ssb-491780.html"
},
{
"published_at": "2026-02-10",
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-674753",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-674753.html"
}
]
}
CERTFR-2026-AVI-0032
Vulnerability from certfr_avis - Published: 2026-01-14 - Updated: 2026-01-14
De multiples vulnérabilités ont été découvertes dans les produits Siemens. Elles permettent à un attaquant de provoquer un déni de service à distance et un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Siemens | SIMATIC | SIMATIC HMI MTP2200 Comfort Pro for stand (expandable, flange at the bottom) (6AV2128-3XB27-1BX0) versions antérieures à 21 | ||
| Siemens | SIMATIC | SIMATIC IPC227E Industrial Edge Device versions antérieures à 3.1 | ||
| Siemens | SIMATIC | SIMATIC HMI MTP1900 Comfort Pro for stand (expandable, flange at the bottom) (6AV2128-3UB27-1BX0) versions antérieures à 21 | ||
| Siemens | SIMATIC | SIMATIC ET 200SP IM 155-6 PN R1 (6ES7155-6AU00-0HM0) versions antérieures à 6.0.1 | ||
| Siemens | SIMATIC | SIMATIC IPC BX-39A Industrial Edge Device versions antérieures à 3.1 | ||
| Siemens | SIMATIC | SIMATIC HMI MTP1200 Unified Comfort Panel hygienic (6AV2128-3MB40-0AX0) versions antérieures à 21 | ||
| Siemens | SIMATIC | SIMATIC HMI MTP1200 Comfort Pro for stand (expandable, flange at the bottom) (6AV2128-3MB27-1BX0) versions antérieures à 21 | ||
| Siemens | SIMATIC | SIMATIC ET 200MP IM 155-5 PN HF (6ES7155-5AA00-0AC0) versions supérieures ou égales à4.2.0. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2025-40944. | ||
| Siemens | SIMATIC | SIMATIC HMI MTP2200 Unified Comfort Hygienic neutral design (6AV2128-3XB70-0AX0) versions antérieures à 21 | ||
| Siemens | SIMATIC | SIMATIC HMI MTP1900 Unified Comfort Panel neutral design (6AV2128-3UB36-0AX1) versions antérieures à 21 | ||
| Siemens | SCALANCE | SCALANCE LPE9433 (6GK5998-3GS11-2AC2) versions antérieures à 2.2 | ||
| Siemens | SIMATIC | SIMATIC HMI MTP1900 Unified Comfort Panel hygienic neutral design (6AV2128-3UB70-0AX0) versions antérieures à 21 | ||
| Siemens | SIMATIC | SIMATIC HMI MTP1900 Comfort Pro neutral design for support arm (expandable, round tube) and extensio (6AV2128-3UB57-0BX0) versions antérieures à 21 | ||
| Siemens | SIMATIC | SIMATIC HMI MTP1500 Unified Comfort Panel (6AV2128-3QB06-0AX1) versions antérieures à 21 | ||
| Siemens | SIMATIC | SIMATIC HMI MTP1200 Comfort Pro for support arm (expandable, round tube) and extension unit (6AV2128-3MB27-0BX0) versions antérieures à 21 | ||
| Siemens | SIMATIC | SIMATIC ET 200SP IM 155-6 PN/3 HF (6ES7155-6AU30-0CN0) versions antérieures à 4.2.2 | ||
| Siemens | SIMATIC | SIMATIC Automation Workstation 24" (6AV7256-6CA00-0FP0) toutes versions pour la vulnérabilité CVE-2025-40805 | ||
| Siemens | SIMATIC | SIMATIC HMI MTP1900 Comfort Pro neutral design for support arm (not extendable, flange on top) (6AV2128-3UB57-0AX0) versions antérieures à 21 | ||
| Siemens | SIMATIC | SIMATIC HMI MTP1500 Comfort Pro neutral design for support arm (expandable, round tube) and extensio (6AV2128-3QB57-0BX0) versions antérieures à 21 | ||
| Siemens | SIMATIC | SIMATIC HMI MTP1900 Unified Comfort Panel (6AV2128-3UB06-0AX1) versions antérieures à 21 | ||
| Siemens | SCALANCE | SCALANCE LPE9413 (6GK5998-3GS01-2AC2) versions antérieures à 2.2 | ||
| Siemens | SIMATIC | SIMATIC HMI MTP1500 Comfort Pro for stand (expandable, flange at the bottom) (6AV2128-3QB27-1BX0) versions antérieures à 21 | ||
| Siemens | SIMATIC | SIMATIC HMI MTP1000 Unified Comfort Panel hygienic (6AV2128-3KB40-0AX0) versions antérieures à 21 | ||
| Siemens | SIMATIC | SIMATIC Automation Workstation 19" (6AV7256-6CA01-0FP0) toutes versions pour la vulnérabilité CVE-2025-40805 | ||
| Siemens | SIMATIC | SIMATIC HMI MTP1500 Unified Comfort Panel hygienic neutral design (6AV2128-3QB70-0AX0) versions antérieures à 21 | ||
| Siemens | SIMATIC | SIMATIC HMI MTP2200 Unified Comfort Panel neutral design (6AV2128-3XB36-0AX1) versions antérieures à 21 | ||
| Siemens | SIMATIC | SIMATIC HMI MTP1200 Comfort Pro neutral design for stand (expandable, flange at the bottom) (6AV2128-3MB57-1BX0) versions antérieures à 21 | ||
| Siemens | SIMATIC | SIMATIC PN/PN Coupler (6ES7158-3AD10-0XA0) versions antérieures à 6.0.0 | ||
| Siemens | SIMATIC | SIMATIC HMI MTP1900 Unified Comfort Panel hygienic (6AV2128-3UB40-0AX0) versions antérieures à 21 | ||
| Siemens | SIMATIC | SIMATIC IPC127E Industrial Edge Device versions antérieures à 3.1 | ||
| Siemens | SIMATIC | SIMATIC HMI MTP2200 Comfort Pro for support arm (not extendable, flange on top) (6AV2128-3XB27-0AX0) versions antérieures à 21 | ||
| Siemens | SIMATIC | SIMATIC HMI MTP1500 Unified Comfort Panel neutral design (6AV2128-3QB36-0AX1) versions antérieures à 21 | ||
| Siemens | SIMATIC | SIMATIC HMI MTP1200 Comfort Pro neutral design for support arm (expandable, round tube) and extensio (6AV2128-3MB57-0BX0) versions antérieures à 21 | ||
| Siemens | SIMATIC | SIMATIC HMI MTP1500 Unified Comfort Panel hygienic (6AV2128-3QB40-0AX0) versions antérieures à 21 | ||
| Siemens | SIMATIC | SIMATIC ET 200SP IM 155-6 PN HA (incl. SIPLUS variants) versions antérieures à 1.3 | ||
| Siemens | SIMATIC | SIMATIC HMI MTP1500 Comfort Pro neutral design for stand (expandable, flange at the bottom) (6AV2128-3QB57-1BX0) versions antérieures à 21 | ||
| Siemens | SIMATIC | SIMATIC HMI MTP700 Unified Comfort Panel hygienic neutral design (6AV2128-3GB70-0AX0) versions antérieures à 21 | ||
| Siemens | SIMATIC | SIMATIC IOT2050 (6ES7647-0BA00-1YA2) versions antérieures à 1.25.1 | ||
| Siemens | SIMATIC | SIMATIC HMI MTP1900 Comfort Pro neutral design for stand (expandable, flange at the bottom) (6AV2128-3UB57-1BX0) versions antérieures à 21 | ||
| Siemens | SIMATIC | SIMATIC IPC427E Industrial Edge Device versions antérieures à 3.1 | ||
| Siemens | SIMATIC | SIMATIC HMI MTP1200 Unified Comfort Panel hygienic neutral design (6AV2128-3MB70-0AX0) versions antérieures à 21 | ||
| Siemens | SIMATIC | SIMATIC HMI MTP1200 Unified Comfort Panel neutral design (6AV2128-3MB36-0AX1) versions antérieures à 21 | ||
| Siemens | SIMATIC | SIMATIC PN/MF Coupler (6ES7158-3MU10-0XA0) toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2025-40944. | ||
| Siemens | SIMATIC | SIMATIC HMI MTP700, Unified Comfort Panel neutral design (6AV2128-3GB36-0AX1) versions antérieures à 21 | ||
| Siemens | SIMATIC | SIMATIC HMI MTP2200 Comfort Pro neutral design for support arm (expandable, round tube) and extensio (6AV2128-3XB57-0BX0) versions antérieures à 21 | ||
| Siemens | SIMATIC | SIMATIC ET 200SP IM 155-6 PN/2 HF (6ES7155-6AU01-0CN0) versions supérieures ou égales à4.2.0. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2025-40944. | ||
| Siemens | SIMATIC | SIMATIC HMI MTP1000 Unified Comfort Panel hygienic neutral design (6AV2128-3KB70-0AX0) versions antérieures à 21 | ||
| Siemens | SIMATIC | SIMATIC HMI MTP1900 Comfort Pro for support arm (not extendable, flange on top) (6AV2128-3UB27-0AX0) versions antérieures à 21 | ||
| Siemens | SIMATIC | SIMATIC HMI MTP2200 Comfort Pro for support arm (expandable, round tube) and extension unit (6AV2128-3XB27-0BX0) versions antérieures à 21 | ||
| Siemens | SIMATIC | SIMATIC HMI MTP2200 Comfort Pro neutral design for stand (expandable, flange at the bottom) (6AV2128-3XB57-1BX0) versions antérieures à 21 | ||
| Siemens | SIMATIC | SIMATIC HMI MTP1500 Comfort Pro neutral design for support arm (not extendable, flange on top) (6AV2128-3QB57-0AX0) versions antérieures à 21 | ||
| Siemens | SIMATIC | SIMATIC HMI MTP1000, Unified Comfort Panel neutral (6AV2128-3KB36-0AX1) versions antérieures à 21 | ||
| Siemens | SIMATIC | SIMATIC ET 200SP IM 155-6 MF HF (6ES7155-6MU00-0CN0) toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2025-40944. | ||
| Siemens | SIMATIC | SIMATIC HMI MTP2200 Comfort Pro neutral design for support arm (not extendable, flange on top) (6AV2128-3XB57-0AX0) versions antérieures à 21 | ||
| Siemens | SIMATIC | SIMATIC IPC BX-59A Industrial Edge Device versions antérieures à 3.1 | ||
| Siemens | SIMATIC | SIMATIC HMI MTP1200 Comfort Pro neutral design for support arm (not extendable, flange on top) (6AV2128-3MB57-0AX0) versions antérieures à 21 | ||
| Siemens | SIMATIC | SIMATIC HMI MTP1500 Comfort Pro for support arm (not extendable, flange on top) (6AV2128-3QB27-0AX0) versions antérieures à 21 | ||
| Siemens | SIMATIC | SIMATIC HMI MTP1900 Comfort Pro for support arm (expandable, round tube) and extension unit (6AV2128-3UB27-0BX0) versions antérieures à 21 | ||
| Siemens | SIMATIC | SIMATIC HMI MTP2200 Unified Comfort Panel (6AV2128-3XB06-0AX1) versions antérieures à 21 | ||
| Siemens | SIMATIC | SIMATIC HMI MTP1000 Unified Comfort Panel (6AV2128-3KB06-0AX1) versions antérieures à 21 | ||
| Siemens | SIMATIC | SIMATIC IPC227G Industrial Edge Device versions antérieures à 3.1 | ||
| Siemens | SIMATIC | SIMATIC HMI MTP700 Unified Comfort Panel (6AV2128-3GB06-0AX1) versions antérieures à 21 | ||
| Siemens | SIMATIC | SIMATIC HMI MTP1200 Comfort Pro for support arm (not extendable, flange on top) (6AV2128-3MB27-0AX0) versions antérieures à 21 | ||
| Siemens | SIMATIC | SIMATIC HMI MTP1200 Unified Comfort Panel (6AV2128-3MB06-0AX1) versions antérieures à 21 | ||
| Siemens | SIMATIC | SIMATIC HMI MTP1500 Comfort Pro for support arm (expandable, round tube) and extension unit (6AV2128-3QB27-0BX0) versions antérieures à 21 | ||
| Siemens | SIMATIC | SIMATIC HMI MTP2200 Unified Comfort Hygienic (6AV2128-3XB40-0AX0) versions antérieures à 21 | ||
| Siemens | SIMATIC | SIMATIC IPC847E Industrial Edge Device versions antérieures à 3.1 | ||
| Siemens | SIMATIC | SIMATIC ET 200AL IM 157-1 PN (6ES7157-1AB00-0AB0) toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2025-40944. | ||
| Siemens | SIMATIC | SIMATIC HMI MTP700 Unified Comfort Panel hygienic neutral design (6AV2128-3GB40-0AX0) versions antérieures à 21 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SIMATIC HMI MTP2200 Comfort Pro for stand (expandable, flange at the bottom) (6AV2128-3XB27-1BX0) versions ant\u00e9rieures \u00e0 21",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC IPC227E Industrial Edge Device versions ant\u00e9rieures \u00e0 3.1",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI MTP1900 Comfort Pro for stand (expandable, flange at the bottom) (6AV2128-3UB27-1BX0) versions ant\u00e9rieures \u00e0 21",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ET 200SP IM 155-6 PN R1 (6ES7155-6AU00-0HM0) versions ant\u00e9rieures \u00e0 6.0.1",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC IPC BX-39A Industrial Edge Device versions ant\u00e9rieures \u00e0 3.1",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI MTP1200 Unified Comfort Panel hygienic (6AV2128-3MB40-0AX0) versions ant\u00e9rieures \u00e0 21",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI MTP1200 Comfort Pro for stand (expandable, flange at the bottom) (6AV2128-3MB27-1BX0) versions ant\u00e9rieures \u00e0 21",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ET 200MP IM 155-5 PN HF (6ES7155-5AA00-0AC0) versions sup\u00e9rieures ou \u00e9gales \u00e04.2.0. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2025-40944.",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI MTP2200 Unified Comfort Hygienic neutral design (6AV2128-3XB70-0AX0) versions ant\u00e9rieures \u00e0 21",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI MTP1900 Unified Comfort Panel neutral design (6AV2128-3UB36-0AX1) versions ant\u00e9rieures \u00e0 21",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE LPE9433 (6GK5998-3GS11-2AC2) versions ant\u00e9rieures \u00e0 2.2",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI MTP1900 Unified Comfort Panel hygienic neutral design (6AV2128-3UB70-0AX0) versions ant\u00e9rieures \u00e0 21",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI MTP1900 Comfort Pro neutral design for support arm (expandable, round tube) and extensio (6AV2128-3UB57-0BX0) versions ant\u00e9rieures \u00e0 21",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI MTP1500 Unified Comfort Panel (6AV2128-3QB06-0AX1) versions ant\u00e9rieures \u00e0 21",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI MTP1200 Comfort Pro for support arm (expandable, round tube) and extension unit (6AV2128-3MB27-0BX0) versions ant\u00e9rieures \u00e0 21",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ET 200SP IM 155-6 PN/3 HF (6ES7155-6AU30-0CN0) versions ant\u00e9rieures \u00e0 4.2.2",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Automation Workstation 24\" (6AV7256-6CA00-0FP0) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-40805",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI MTP1900 Comfort Pro neutral design for support arm (not extendable, flange on top) (6AV2128-3UB57-0AX0) versions ant\u00e9rieures \u00e0 21",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI MTP1500 Comfort Pro neutral design for support arm (expandable, round tube) and extensio (6AV2128-3QB57-0BX0) versions ant\u00e9rieures \u00e0 21",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI MTP1900 Unified Comfort Panel (6AV2128-3UB06-0AX1) versions ant\u00e9rieures \u00e0 21",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE LPE9413 (6GK5998-3GS01-2AC2) versions ant\u00e9rieures \u00e0 2.2",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI MTP1500 Comfort Pro for stand (expandable, flange at the bottom) (6AV2128-3QB27-1BX0) versions ant\u00e9rieures \u00e0 21",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI MTP1000 Unified Comfort Panel hygienic (6AV2128-3KB40-0AX0) versions ant\u00e9rieures \u00e0 21",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Automation Workstation 19\" (6AV7256-6CA01-0FP0) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-40805",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI MTP1500 Unified Comfort Panel hygienic neutral design (6AV2128-3QB70-0AX0) versions ant\u00e9rieures \u00e0 21",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI MTP2200 Unified Comfort Panel neutral design (6AV2128-3XB36-0AX1) versions ant\u00e9rieures \u00e0 21",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI MTP1200 Comfort Pro neutral design for stand (expandable, flange at the bottom) (6AV2128-3MB57-1BX0) versions ant\u00e9rieures \u00e0 21",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC PN/PN Coupler (6ES7158-3AD10-0XA0) versions ant\u00e9rieures \u00e0 6.0.0",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI MTP1900 Unified Comfort Panel hygienic (6AV2128-3UB40-0AX0) versions ant\u00e9rieures \u00e0 21",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC IPC127E Industrial Edge Device versions ant\u00e9rieures \u00e0 3.1",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI MTP2200 Comfort Pro for support arm (not extendable, flange on top) (6AV2128-3XB27-0AX0) versions ant\u00e9rieures \u00e0 21",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI MTP1500 Unified Comfort Panel neutral design (6AV2128-3QB36-0AX1) versions ant\u00e9rieures \u00e0 21",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI MTP1200 Comfort Pro neutral design for support arm (expandable, round tube) and extensio (6AV2128-3MB57-0BX0) versions ant\u00e9rieures \u00e0 21",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI MTP1500 Unified Comfort Panel hygienic (6AV2128-3QB40-0AX0) versions ant\u00e9rieures \u00e0 21",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ET 200SP IM 155-6 PN HA (incl. SIPLUS variants) versions ant\u00e9rieures \u00e0 1.3",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI MTP1500 Comfort Pro neutral design for stand (expandable, flange at the bottom) (6AV2128-3QB57-1BX0) versions ant\u00e9rieures \u00e0 21",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI MTP700 Unified Comfort Panel hygienic neutral design (6AV2128-3GB70-0AX0) versions ant\u00e9rieures \u00e0 21",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC IOT2050 (6ES7647-0BA00-1YA2) versions ant\u00e9rieures \u00e0 1.25.1",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI MTP1900 Comfort Pro neutral design for stand (expandable, flange at the bottom) (6AV2128-3UB57-1BX0) versions ant\u00e9rieures \u00e0 21",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC IPC427E Industrial Edge Device versions ant\u00e9rieures \u00e0 3.1",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI MTP1200 Unified Comfort Panel hygienic neutral design (6AV2128-3MB70-0AX0) versions ant\u00e9rieures \u00e0 21",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI MTP1200 Unified Comfort Panel neutral design (6AV2128-3MB36-0AX1) versions ant\u00e9rieures \u00e0 21",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC PN/MF Coupler (6ES7158-3MU10-0XA0) toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2025-40944.",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI MTP700, Unified Comfort Panel neutral design (6AV2128-3GB36-0AX1) versions ant\u00e9rieures \u00e0 21",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI MTP2200 Comfort Pro neutral design for support arm (expandable, round tube) and extensio (6AV2128-3XB57-0BX0) versions ant\u00e9rieures \u00e0 21",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ET 200SP IM 155-6 PN/2 HF (6ES7155-6AU01-0CN0) versions sup\u00e9rieures ou \u00e9gales \u00e04.2.0. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2025-40944.",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI MTP1000 Unified Comfort Panel hygienic neutral design (6AV2128-3KB70-0AX0) versions ant\u00e9rieures \u00e0 21",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI MTP1900 Comfort Pro for support arm (not extendable, flange on top) (6AV2128-3UB27-0AX0) versions ant\u00e9rieures \u00e0 21",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI MTP2200 Comfort Pro for support arm (expandable, round tube) and extension unit (6AV2128-3XB27-0BX0) versions ant\u00e9rieures \u00e0 21",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI MTP2200 Comfort Pro neutral design for stand (expandable, flange at the bottom) (6AV2128-3XB57-1BX0) versions ant\u00e9rieures \u00e0 21",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI MTP1500 Comfort Pro neutral design for support arm (not extendable, flange on top) (6AV2128-3QB57-0AX0) versions ant\u00e9rieures \u00e0 21",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI MTP1000, Unified Comfort Panel neutral (6AV2128-3KB36-0AX1) versions ant\u00e9rieures \u00e0 21",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ET 200SP IM 155-6 MF HF (6ES7155-6MU00-0CN0) toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2025-40944.",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI MTP2200 Comfort Pro neutral design for support arm (not extendable, flange on top) (6AV2128-3XB57-0AX0) versions ant\u00e9rieures \u00e0 21",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC IPC BX-59A Industrial Edge Device versions ant\u00e9rieures \u00e0 3.1",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI MTP1200 Comfort Pro neutral design for support arm (not extendable, flange on top) (6AV2128-3MB57-0AX0) versions ant\u00e9rieures \u00e0 21",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI MTP1500 Comfort Pro for support arm (not extendable, flange on top) (6AV2128-3QB27-0AX0) versions ant\u00e9rieures \u00e0 21",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI MTP1900 Comfort Pro for support arm (expandable, round tube) and extension unit (6AV2128-3UB27-0BX0) versions ant\u00e9rieures \u00e0 21",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI MTP2200 Unified Comfort Panel (6AV2128-3XB06-0AX1) versions ant\u00e9rieures \u00e0 21",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI MTP1000 Unified Comfort Panel (6AV2128-3KB06-0AX1) versions ant\u00e9rieures \u00e0 21",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC IPC227G Industrial Edge Device versions ant\u00e9rieures \u00e0 3.1",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI MTP700 Unified Comfort Panel (6AV2128-3GB06-0AX1) versions ant\u00e9rieures \u00e0 21",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI MTP1200 Comfort Pro for support arm (not extendable, flange on top) (6AV2128-3MB27-0AX0) versions ant\u00e9rieures \u00e0 21",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI MTP1200 Unified Comfort Panel (6AV2128-3MB06-0AX1) versions ant\u00e9rieures \u00e0 21",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI MTP1500 Comfort Pro for support arm (expandable, round tube) and extension unit (6AV2128-3QB27-0BX0) versions ant\u00e9rieures \u00e0 21",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI MTP2200 Unified Comfort Hygienic (6AV2128-3XB40-0AX0) versions ant\u00e9rieures \u00e0 21",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC IPC847E Industrial Edge Device versions ant\u00e9rieures \u00e0 3.1",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ET 200AL IM 157-1 PN (6ES7157-1AB00-0AB0) toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2025-40944.",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI MTP700 Unified Comfort Panel hygienic neutral design (6AV2128-3GB40-0AX0) versions ant\u00e9rieures \u00e0 21",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-40944",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40944"
},
{
"name": "CVE-2025-40805",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40805"
}
],
"initial_release_date": "2026-01-14T00:00:00",
"last_revision_date": "2026-01-14T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0032",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-01-14T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Siemens. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
"vendor_advisories": [
{
"published_at": "2026-01-13",
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-001536",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-001536.html"
},
{
"published_at": "2026-01-13",
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-674753",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-674753.html"
}
]
}
CERTFR-2026-AVI-0139
Vulnerability from certfr_avis - Published: 2026-02-10 - Updated: 2026-02-10
De multiples vulnérabilités ont été découvertes dans les produits Siemens. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Siemens | SIMATIC | SIMATIC ET 200SP IM 155-6 PN R1 (6ES7155-6AU00-0HM0) versions antérieures à 6.0.1 | ||
| Siemens | SIMATIC | SIMATIC ET 200SP IM 155-6 PN/3 HF (6ES7155-6AU30-0CN0) versions antérieures à 4.2.2 | ||
| Siemens | N/A | Desigo CC versions antérieures à V8.0 QU2 | ||
| Siemens | SIMATIC | SIMATIC PN/PN Coupler (6ES7158-3AD10-0XA0) versions antérieures à 6.0.0 | ||
| Siemens | SIMATIC | SIMATIC ET 200SP IM 155-6 PN HA (incl. SIPLUS variants) versions antérieures à 1.3 | ||
| Siemens | SIMATIC | SIMATIC ET 200MP IM 155-5 PN HF (6ES7155-5AA00-0AC0) versions supérieures ou égales à 4.2.0. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2025-40944. | ||
| Siemens | N/A | Desigo CC toutes versions | ||
| Siemens | SIMATIC | SIMATIC PN/MF Coupler (6ES7158-3MU10-0XA0) toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2025-40944. | ||
| Siemens | SIMATIC | SIMATIC ET 200SP IM 155-6 PN/2 HF (6ES7155-6AU01-0CN0) versions supérieures ou égales à 4.2.0. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2025-40944. | ||
| Siemens | SIMATIC | SIMATIC ET 200SP IM 155-6 MF HF (6ES7155-6MU00-0CN0) toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2025-40944. | ||
| Siemens | SIMATIC | SIMATIC ET 200AL IM 157-1 PN (6ES7157-1AB00-0AB0) toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2025-40944. |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SIMATIC ET 200SP IM 155-6 PN R1 (6ES7155-6AU00-0HM0) versions ant\u00e9rieures \u00e0 6.0.1",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ET 200SP IM 155-6 PN/3 HF (6ES7155-6AU30-0CN0) versions ant\u00e9rieures \u00e0 4.2.2",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Desigo CC versions ant\u00e9rieures \u00e0 V8.0 QU2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC PN/PN Coupler (6ES7158-3AD10-0XA0) versions ant\u00e9rieures \u00e0 6.0.0",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ET 200SP IM 155-6 PN HA (incl. SIPLUS variants) versions ant\u00e9rieures \u00e0 1.3",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ET 200MP IM 155-5 PN HF (6ES7155-5AA00-0AC0) versions sup\u00e9rieures ou \u00e9gales \u00e0 4.2.0. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2025-40944.",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Desigo CC toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC PN/MF Coupler (6ES7158-3MU10-0XA0) toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2025-40944.",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ET 200SP IM 155-6 PN/2 HF (6ES7155-6AU01-0CN0) versions sup\u00e9rieures ou \u00e9gales \u00e0 4.2.0. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2025-40944.",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ET 200SP IM 155-6 MF HF (6ES7155-6MU00-0CN0) toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2025-40944.",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ET 200AL IM 157-1 PN (6ES7157-1AB00-0AB0) toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2025-40944.",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-40944",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40944"
},
{
"name": "CVE-2023-38545",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38545"
}
],
"initial_release_date": "2026-02-10T00:00:00",
"last_revision_date": "2026-02-10T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0139",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-02-10T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Siemens. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
"vendor_advisories": [
{
"published_at": "2026-02-10",
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-507364",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-507364.html"
},
{
"published_at": "2026-02-10",
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssb-491780",
"url": "https://cert-portal.siemens.com/productcert/html/ssb-491780.html"
},
{
"published_at": "2026-02-10",
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-674753",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-674753.html"
}
]
}
CERTFR-2026-AVI-0032
Vulnerability from certfr_avis - Published: 2026-01-14 - Updated: 2026-01-14
De multiples vulnérabilités ont été découvertes dans les produits Siemens. Elles permettent à un attaquant de provoquer un déni de service à distance et un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Siemens | SIMATIC | SIMATIC HMI MTP2200 Comfort Pro for stand (expandable, flange at the bottom) (6AV2128-3XB27-1BX0) versions antérieures à 21 | ||
| Siemens | SIMATIC | SIMATIC IPC227E Industrial Edge Device versions antérieures à 3.1 | ||
| Siemens | SIMATIC | SIMATIC HMI MTP1900 Comfort Pro for stand (expandable, flange at the bottom) (6AV2128-3UB27-1BX0) versions antérieures à 21 | ||
| Siemens | SIMATIC | SIMATIC ET 200SP IM 155-6 PN R1 (6ES7155-6AU00-0HM0) versions antérieures à 6.0.1 | ||
| Siemens | SIMATIC | SIMATIC IPC BX-39A Industrial Edge Device versions antérieures à 3.1 | ||
| Siemens | SIMATIC | SIMATIC HMI MTP1200 Unified Comfort Panel hygienic (6AV2128-3MB40-0AX0) versions antérieures à 21 | ||
| Siemens | SIMATIC | SIMATIC HMI MTP1200 Comfort Pro for stand (expandable, flange at the bottom) (6AV2128-3MB27-1BX0) versions antérieures à 21 | ||
| Siemens | SIMATIC | SIMATIC ET 200MP IM 155-5 PN HF (6ES7155-5AA00-0AC0) versions supérieures ou égales à4.2.0. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2025-40944. | ||
| Siemens | SIMATIC | SIMATIC HMI MTP2200 Unified Comfort Hygienic neutral design (6AV2128-3XB70-0AX0) versions antérieures à 21 | ||
| Siemens | SIMATIC | SIMATIC HMI MTP1900 Unified Comfort Panel neutral design (6AV2128-3UB36-0AX1) versions antérieures à 21 | ||
| Siemens | SCALANCE | SCALANCE LPE9433 (6GK5998-3GS11-2AC2) versions antérieures à 2.2 | ||
| Siemens | SIMATIC | SIMATIC HMI MTP1900 Unified Comfort Panel hygienic neutral design (6AV2128-3UB70-0AX0) versions antérieures à 21 | ||
| Siemens | SIMATIC | SIMATIC HMI MTP1900 Comfort Pro neutral design for support arm (expandable, round tube) and extensio (6AV2128-3UB57-0BX0) versions antérieures à 21 | ||
| Siemens | SIMATIC | SIMATIC HMI MTP1500 Unified Comfort Panel (6AV2128-3QB06-0AX1) versions antérieures à 21 | ||
| Siemens | SIMATIC | SIMATIC HMI MTP1200 Comfort Pro for support arm (expandable, round tube) and extension unit (6AV2128-3MB27-0BX0) versions antérieures à 21 | ||
| Siemens | SIMATIC | SIMATIC ET 200SP IM 155-6 PN/3 HF (6ES7155-6AU30-0CN0) versions antérieures à 4.2.2 | ||
| Siemens | SIMATIC | SIMATIC Automation Workstation 24" (6AV7256-6CA00-0FP0) toutes versions pour la vulnérabilité CVE-2025-40805 | ||
| Siemens | SIMATIC | SIMATIC HMI MTP1900 Comfort Pro neutral design for support arm (not extendable, flange on top) (6AV2128-3UB57-0AX0) versions antérieures à 21 | ||
| Siemens | SIMATIC | SIMATIC HMI MTP1500 Comfort Pro neutral design for support arm (expandable, round tube) and extensio (6AV2128-3QB57-0BX0) versions antérieures à 21 | ||
| Siemens | SIMATIC | SIMATIC HMI MTP1900 Unified Comfort Panel (6AV2128-3UB06-0AX1) versions antérieures à 21 | ||
| Siemens | SCALANCE | SCALANCE LPE9413 (6GK5998-3GS01-2AC2) versions antérieures à 2.2 | ||
| Siemens | SIMATIC | SIMATIC HMI MTP1500 Comfort Pro for stand (expandable, flange at the bottom) (6AV2128-3QB27-1BX0) versions antérieures à 21 | ||
| Siemens | SIMATIC | SIMATIC HMI MTP1000 Unified Comfort Panel hygienic (6AV2128-3KB40-0AX0) versions antérieures à 21 | ||
| Siemens | SIMATIC | SIMATIC Automation Workstation 19" (6AV7256-6CA01-0FP0) toutes versions pour la vulnérabilité CVE-2025-40805 | ||
| Siemens | SIMATIC | SIMATIC HMI MTP1500 Unified Comfort Panel hygienic neutral design (6AV2128-3QB70-0AX0) versions antérieures à 21 | ||
| Siemens | SIMATIC | SIMATIC HMI MTP2200 Unified Comfort Panel neutral design (6AV2128-3XB36-0AX1) versions antérieures à 21 | ||
| Siemens | SIMATIC | SIMATIC HMI MTP1200 Comfort Pro neutral design for stand (expandable, flange at the bottom) (6AV2128-3MB57-1BX0) versions antérieures à 21 | ||
| Siemens | SIMATIC | SIMATIC PN/PN Coupler (6ES7158-3AD10-0XA0) versions antérieures à 6.0.0 | ||
| Siemens | SIMATIC | SIMATIC HMI MTP1900 Unified Comfort Panel hygienic (6AV2128-3UB40-0AX0) versions antérieures à 21 | ||
| Siemens | SIMATIC | SIMATIC IPC127E Industrial Edge Device versions antérieures à 3.1 | ||
| Siemens | SIMATIC | SIMATIC HMI MTP2200 Comfort Pro for support arm (not extendable, flange on top) (6AV2128-3XB27-0AX0) versions antérieures à 21 | ||
| Siemens | SIMATIC | SIMATIC HMI MTP1500 Unified Comfort Panel neutral design (6AV2128-3QB36-0AX1) versions antérieures à 21 | ||
| Siemens | SIMATIC | SIMATIC HMI MTP1200 Comfort Pro neutral design for support arm (expandable, round tube) and extensio (6AV2128-3MB57-0BX0) versions antérieures à 21 | ||
| Siemens | SIMATIC | SIMATIC HMI MTP1500 Unified Comfort Panel hygienic (6AV2128-3QB40-0AX0) versions antérieures à 21 | ||
| Siemens | SIMATIC | SIMATIC ET 200SP IM 155-6 PN HA (incl. SIPLUS variants) versions antérieures à 1.3 | ||
| Siemens | SIMATIC | SIMATIC HMI MTP1500 Comfort Pro neutral design for stand (expandable, flange at the bottom) (6AV2128-3QB57-1BX0) versions antérieures à 21 | ||
| Siemens | SIMATIC | SIMATIC HMI MTP700 Unified Comfort Panel hygienic neutral design (6AV2128-3GB70-0AX0) versions antérieures à 21 | ||
| Siemens | SIMATIC | SIMATIC IOT2050 (6ES7647-0BA00-1YA2) versions antérieures à 1.25.1 | ||
| Siemens | SIMATIC | SIMATIC HMI MTP1900 Comfort Pro neutral design for stand (expandable, flange at the bottom) (6AV2128-3UB57-1BX0) versions antérieures à 21 | ||
| Siemens | SIMATIC | SIMATIC IPC427E Industrial Edge Device versions antérieures à 3.1 | ||
| Siemens | SIMATIC | SIMATIC HMI MTP1200 Unified Comfort Panel hygienic neutral design (6AV2128-3MB70-0AX0) versions antérieures à 21 | ||
| Siemens | SIMATIC | SIMATIC HMI MTP1200 Unified Comfort Panel neutral design (6AV2128-3MB36-0AX1) versions antérieures à 21 | ||
| Siemens | SIMATIC | SIMATIC PN/MF Coupler (6ES7158-3MU10-0XA0) toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2025-40944. | ||
| Siemens | SIMATIC | SIMATIC HMI MTP700, Unified Comfort Panel neutral design (6AV2128-3GB36-0AX1) versions antérieures à 21 | ||
| Siemens | SIMATIC | SIMATIC HMI MTP2200 Comfort Pro neutral design for support arm (expandable, round tube) and extensio (6AV2128-3XB57-0BX0) versions antérieures à 21 | ||
| Siemens | SIMATIC | SIMATIC ET 200SP IM 155-6 PN/2 HF (6ES7155-6AU01-0CN0) versions supérieures ou égales à4.2.0. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2025-40944. | ||
| Siemens | SIMATIC | SIMATIC HMI MTP1000 Unified Comfort Panel hygienic neutral design (6AV2128-3KB70-0AX0) versions antérieures à 21 | ||
| Siemens | SIMATIC | SIMATIC HMI MTP1900 Comfort Pro for support arm (not extendable, flange on top) (6AV2128-3UB27-0AX0) versions antérieures à 21 | ||
| Siemens | SIMATIC | SIMATIC HMI MTP2200 Comfort Pro for support arm (expandable, round tube) and extension unit (6AV2128-3XB27-0BX0) versions antérieures à 21 | ||
| Siemens | SIMATIC | SIMATIC HMI MTP2200 Comfort Pro neutral design for stand (expandable, flange at the bottom) (6AV2128-3XB57-1BX0) versions antérieures à 21 | ||
| Siemens | SIMATIC | SIMATIC HMI MTP1500 Comfort Pro neutral design for support arm (not extendable, flange on top) (6AV2128-3QB57-0AX0) versions antérieures à 21 | ||
| Siemens | SIMATIC | SIMATIC HMI MTP1000, Unified Comfort Panel neutral (6AV2128-3KB36-0AX1) versions antérieures à 21 | ||
| Siemens | SIMATIC | SIMATIC ET 200SP IM 155-6 MF HF (6ES7155-6MU00-0CN0) toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2025-40944. | ||
| Siemens | SIMATIC | SIMATIC HMI MTP2200 Comfort Pro neutral design for support arm (not extendable, flange on top) (6AV2128-3XB57-0AX0) versions antérieures à 21 | ||
| Siemens | SIMATIC | SIMATIC IPC BX-59A Industrial Edge Device versions antérieures à 3.1 | ||
| Siemens | SIMATIC | SIMATIC HMI MTP1200 Comfort Pro neutral design for support arm (not extendable, flange on top) (6AV2128-3MB57-0AX0) versions antérieures à 21 | ||
| Siemens | SIMATIC | SIMATIC HMI MTP1500 Comfort Pro for support arm (not extendable, flange on top) (6AV2128-3QB27-0AX0) versions antérieures à 21 | ||
| Siemens | SIMATIC | SIMATIC HMI MTP1900 Comfort Pro for support arm (expandable, round tube) and extension unit (6AV2128-3UB27-0BX0) versions antérieures à 21 | ||
| Siemens | SIMATIC | SIMATIC HMI MTP2200 Unified Comfort Panel (6AV2128-3XB06-0AX1) versions antérieures à 21 | ||
| Siemens | SIMATIC | SIMATIC HMI MTP1000 Unified Comfort Panel (6AV2128-3KB06-0AX1) versions antérieures à 21 | ||
| Siemens | SIMATIC | SIMATIC IPC227G Industrial Edge Device versions antérieures à 3.1 | ||
| Siemens | SIMATIC | SIMATIC HMI MTP700 Unified Comfort Panel (6AV2128-3GB06-0AX1) versions antérieures à 21 | ||
| Siemens | SIMATIC | SIMATIC HMI MTP1200 Comfort Pro for support arm (not extendable, flange on top) (6AV2128-3MB27-0AX0) versions antérieures à 21 | ||
| Siemens | SIMATIC | SIMATIC HMI MTP1200 Unified Comfort Panel (6AV2128-3MB06-0AX1) versions antérieures à 21 | ||
| Siemens | SIMATIC | SIMATIC HMI MTP1500 Comfort Pro for support arm (expandable, round tube) and extension unit (6AV2128-3QB27-0BX0) versions antérieures à 21 | ||
| Siemens | SIMATIC | SIMATIC HMI MTP2200 Unified Comfort Hygienic (6AV2128-3XB40-0AX0) versions antérieures à 21 | ||
| Siemens | SIMATIC | SIMATIC IPC847E Industrial Edge Device versions antérieures à 3.1 | ||
| Siemens | SIMATIC | SIMATIC ET 200AL IM 157-1 PN (6ES7157-1AB00-0AB0) toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2025-40944. | ||
| Siemens | SIMATIC | SIMATIC HMI MTP700 Unified Comfort Panel hygienic neutral design (6AV2128-3GB40-0AX0) versions antérieures à 21 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SIMATIC HMI MTP2200 Comfort Pro for stand (expandable, flange at the bottom) (6AV2128-3XB27-1BX0) versions ant\u00e9rieures \u00e0 21",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC IPC227E Industrial Edge Device versions ant\u00e9rieures \u00e0 3.1",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI MTP1900 Comfort Pro for stand (expandable, flange at the bottom) (6AV2128-3UB27-1BX0) versions ant\u00e9rieures \u00e0 21",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ET 200SP IM 155-6 PN R1 (6ES7155-6AU00-0HM0) versions ant\u00e9rieures \u00e0 6.0.1",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC IPC BX-39A Industrial Edge Device versions ant\u00e9rieures \u00e0 3.1",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI MTP1200 Unified Comfort Panel hygienic (6AV2128-3MB40-0AX0) versions ant\u00e9rieures \u00e0 21",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI MTP1200 Comfort Pro for stand (expandable, flange at the bottom) (6AV2128-3MB27-1BX0) versions ant\u00e9rieures \u00e0 21",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ET 200MP IM 155-5 PN HF (6ES7155-5AA00-0AC0) versions sup\u00e9rieures ou \u00e9gales \u00e04.2.0. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2025-40944.",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI MTP2200 Unified Comfort Hygienic neutral design (6AV2128-3XB70-0AX0) versions ant\u00e9rieures \u00e0 21",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI MTP1900 Unified Comfort Panel neutral design (6AV2128-3UB36-0AX1) versions ant\u00e9rieures \u00e0 21",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE LPE9433 (6GK5998-3GS11-2AC2) versions ant\u00e9rieures \u00e0 2.2",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI MTP1900 Unified Comfort Panel hygienic neutral design (6AV2128-3UB70-0AX0) versions ant\u00e9rieures \u00e0 21",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI MTP1900 Comfort Pro neutral design for support arm (expandable, round tube) and extensio (6AV2128-3UB57-0BX0) versions ant\u00e9rieures \u00e0 21",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI MTP1500 Unified Comfort Panel (6AV2128-3QB06-0AX1) versions ant\u00e9rieures \u00e0 21",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI MTP1200 Comfort Pro for support arm (expandable, round tube) and extension unit (6AV2128-3MB27-0BX0) versions ant\u00e9rieures \u00e0 21",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ET 200SP IM 155-6 PN/3 HF (6ES7155-6AU30-0CN0) versions ant\u00e9rieures \u00e0 4.2.2",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Automation Workstation 24\" (6AV7256-6CA00-0FP0) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-40805",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI MTP1900 Comfort Pro neutral design for support arm (not extendable, flange on top) (6AV2128-3UB57-0AX0) versions ant\u00e9rieures \u00e0 21",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI MTP1500 Comfort Pro neutral design for support arm (expandable, round tube) and extensio (6AV2128-3QB57-0BX0) versions ant\u00e9rieures \u00e0 21",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI MTP1900 Unified Comfort Panel (6AV2128-3UB06-0AX1) versions ant\u00e9rieures \u00e0 21",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE LPE9413 (6GK5998-3GS01-2AC2) versions ant\u00e9rieures \u00e0 2.2",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI MTP1500 Comfort Pro for stand (expandable, flange at the bottom) (6AV2128-3QB27-1BX0) versions ant\u00e9rieures \u00e0 21",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI MTP1000 Unified Comfort Panel hygienic (6AV2128-3KB40-0AX0) versions ant\u00e9rieures \u00e0 21",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Automation Workstation 19\" (6AV7256-6CA01-0FP0) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-40805",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI MTP1500 Unified Comfort Panel hygienic neutral design (6AV2128-3QB70-0AX0) versions ant\u00e9rieures \u00e0 21",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI MTP2200 Unified Comfort Panel neutral design (6AV2128-3XB36-0AX1) versions ant\u00e9rieures \u00e0 21",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI MTP1200 Comfort Pro neutral design for stand (expandable, flange at the bottom) (6AV2128-3MB57-1BX0) versions ant\u00e9rieures \u00e0 21",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC PN/PN Coupler (6ES7158-3AD10-0XA0) versions ant\u00e9rieures \u00e0 6.0.0",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI MTP1900 Unified Comfort Panel hygienic (6AV2128-3UB40-0AX0) versions ant\u00e9rieures \u00e0 21",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC IPC127E Industrial Edge Device versions ant\u00e9rieures \u00e0 3.1",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI MTP2200 Comfort Pro for support arm (not extendable, flange on top) (6AV2128-3XB27-0AX0) versions ant\u00e9rieures \u00e0 21",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI MTP1500 Unified Comfort Panel neutral design (6AV2128-3QB36-0AX1) versions ant\u00e9rieures \u00e0 21",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI MTP1200 Comfort Pro neutral design for support arm (expandable, round tube) and extensio (6AV2128-3MB57-0BX0) versions ant\u00e9rieures \u00e0 21",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI MTP1500 Unified Comfort Panel hygienic (6AV2128-3QB40-0AX0) versions ant\u00e9rieures \u00e0 21",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ET 200SP IM 155-6 PN HA (incl. SIPLUS variants) versions ant\u00e9rieures \u00e0 1.3",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI MTP1500 Comfort Pro neutral design for stand (expandable, flange at the bottom) (6AV2128-3QB57-1BX0) versions ant\u00e9rieures \u00e0 21",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI MTP700 Unified Comfort Panel hygienic neutral design (6AV2128-3GB70-0AX0) versions ant\u00e9rieures \u00e0 21",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC IOT2050 (6ES7647-0BA00-1YA2) versions ant\u00e9rieures \u00e0 1.25.1",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI MTP1900 Comfort Pro neutral design for stand (expandable, flange at the bottom) (6AV2128-3UB57-1BX0) versions ant\u00e9rieures \u00e0 21",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC IPC427E Industrial Edge Device versions ant\u00e9rieures \u00e0 3.1",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI MTP1200 Unified Comfort Panel hygienic neutral design (6AV2128-3MB70-0AX0) versions ant\u00e9rieures \u00e0 21",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI MTP1200 Unified Comfort Panel neutral design (6AV2128-3MB36-0AX1) versions ant\u00e9rieures \u00e0 21",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC PN/MF Coupler (6ES7158-3MU10-0XA0) toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2025-40944.",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI MTP700, Unified Comfort Panel neutral design (6AV2128-3GB36-0AX1) versions ant\u00e9rieures \u00e0 21",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI MTP2200 Comfort Pro neutral design for support arm (expandable, round tube) and extensio (6AV2128-3XB57-0BX0) versions ant\u00e9rieures \u00e0 21",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ET 200SP IM 155-6 PN/2 HF (6ES7155-6AU01-0CN0) versions sup\u00e9rieures ou \u00e9gales \u00e04.2.0. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2025-40944.",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI MTP1000 Unified Comfort Panel hygienic neutral design (6AV2128-3KB70-0AX0) versions ant\u00e9rieures \u00e0 21",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI MTP1900 Comfort Pro for support arm (not extendable, flange on top) (6AV2128-3UB27-0AX0) versions ant\u00e9rieures \u00e0 21",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI MTP2200 Comfort Pro for support arm (expandable, round tube) and extension unit (6AV2128-3XB27-0BX0) versions ant\u00e9rieures \u00e0 21",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI MTP2200 Comfort Pro neutral design for stand (expandable, flange at the bottom) (6AV2128-3XB57-1BX0) versions ant\u00e9rieures \u00e0 21",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI MTP1500 Comfort Pro neutral design for support arm (not extendable, flange on top) (6AV2128-3QB57-0AX0) versions ant\u00e9rieures \u00e0 21",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI MTP1000, Unified Comfort Panel neutral (6AV2128-3KB36-0AX1) versions ant\u00e9rieures \u00e0 21",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ET 200SP IM 155-6 MF HF (6ES7155-6MU00-0CN0) toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2025-40944.",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI MTP2200 Comfort Pro neutral design for support arm (not extendable, flange on top) (6AV2128-3XB57-0AX0) versions ant\u00e9rieures \u00e0 21",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC IPC BX-59A Industrial Edge Device versions ant\u00e9rieures \u00e0 3.1",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI MTP1200 Comfort Pro neutral design for support arm (not extendable, flange on top) (6AV2128-3MB57-0AX0) versions ant\u00e9rieures \u00e0 21",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI MTP1500 Comfort Pro for support arm (not extendable, flange on top) (6AV2128-3QB27-0AX0) versions ant\u00e9rieures \u00e0 21",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI MTP1900 Comfort Pro for support arm (expandable, round tube) and extension unit (6AV2128-3UB27-0BX0) versions ant\u00e9rieures \u00e0 21",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI MTP2200 Unified Comfort Panel (6AV2128-3XB06-0AX1) versions ant\u00e9rieures \u00e0 21",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI MTP1000 Unified Comfort Panel (6AV2128-3KB06-0AX1) versions ant\u00e9rieures \u00e0 21",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC IPC227G Industrial Edge Device versions ant\u00e9rieures \u00e0 3.1",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI MTP700 Unified Comfort Panel (6AV2128-3GB06-0AX1) versions ant\u00e9rieures \u00e0 21",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI MTP1200 Comfort Pro for support arm (not extendable, flange on top) (6AV2128-3MB27-0AX0) versions ant\u00e9rieures \u00e0 21",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI MTP1200 Unified Comfort Panel (6AV2128-3MB06-0AX1) versions ant\u00e9rieures \u00e0 21",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI MTP1500 Comfort Pro for support arm (expandable, round tube) and extension unit (6AV2128-3QB27-0BX0) versions ant\u00e9rieures \u00e0 21",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI MTP2200 Unified Comfort Hygienic (6AV2128-3XB40-0AX0) versions ant\u00e9rieures \u00e0 21",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC IPC847E Industrial Edge Device versions ant\u00e9rieures \u00e0 3.1",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ET 200AL IM 157-1 PN (6ES7157-1AB00-0AB0) toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2025-40944.",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI MTP700 Unified Comfort Panel hygienic neutral design (6AV2128-3GB40-0AX0) versions ant\u00e9rieures \u00e0 21",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-40944",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40944"
},
{
"name": "CVE-2025-40805",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40805"
}
],
"initial_release_date": "2026-01-14T00:00:00",
"last_revision_date": "2026-01-14T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0032",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-01-14T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Siemens. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
"vendor_advisories": [
{
"published_at": "2026-01-13",
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-001536",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-001536.html"
},
{
"published_at": "2026-01-13",
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-674753",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-674753.html"
}
]
}
FKIE_CVE-2025-40944
Vulnerability from fkie_nvd - Published: 2026-01-13 10:15 - Updated: 2026-01-13 14:03
Severity ?
Summary
A vulnerability has been identified in SIMATIC ET 200AL IM 157-1 PN (6ES7157-1AB00-0AB0) (All versions), SIMATIC ET 200MP IM 155-5 PN HF (6ES7155-5AA00-0AC0) (All versions >= V4.2.0), SIMATIC ET 200SP IM 155-6 MF HF (6ES7155-6MU00-0CN0) (All versions), SIMATIC ET 200SP IM 155-6 PN HA (incl. SIPLUS variants) (All versions < V1.3), SIMATIC ET 200SP IM 155-6 PN R1 (6ES7155-6AU00-0HM0) (All versions < V6.0.1), SIMATIC ET 200SP IM 155-6 PN/2 HF (6ES7155-6AU01-0CN0) (All versions >= V4.2.0), SIMATIC ET 200SP IM 155-6 PN/3 HF (6ES7155-6AU30-0CN0) (All versions < V4.2.2), SIMATIC PN/MF Coupler (6ES7158-3MU10-0XA0) (All versions), SIMATIC PN/PN Coupler (6ES7158-3AD10-0XA0) (All versions < V6.0.0), SIPLUS ET 200MP IM 155-5 PN HF (6AG1155-5AA00-2AC0) (All versions >= V4.2.0), SIPLUS ET 200MP IM 155-5 PN HF (6AG1155-5AA00-7AC0) (All versions >= V4.2.0), SIPLUS ET 200MP IM 155-5 PN HF T1 RAIL (6AG2155-5AA00-1AC0) (All versions >= V4.2.0), SIPLUS ET 200SP IM 155-6 PN HF (6AG1155-6AU01-2CN0) (All versions >= V4.2.0), SIPLUS ET 200SP IM 155-6 PN HF (6AG1155-6AU01-7CN0) (All versions >= V4.2.0), SIPLUS ET 200SP IM 155-6 PN HF T1 RAIL (6AG2155-6AU01-1CN0) (All versions >= V4.2.0), SIPLUS ET 200SP IM 155-6 PN HF TX RAIL (6AG2155-6AU01-4CN0) (All versions >= V4.2.0), SIPLUS NET PN/PN Coupler (6AG2158-3AD10-4XA0) (All versions < V6.0.0). Affected devices do not properly handle S7 protocol session disconnect requests. When receiving a valid S7 protocol Disconnect Request (COTP DR TPDU) on TCP port 102, the devices enter an improper session state.
This could allow an attacker to cause the device to become unresponsive, leading to a denial-of-service condition that requires a power cycle to restore normal operation.
References
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC ET 200AL IM 157-1 PN (6ES7157-1AB00-0AB0) (All versions), SIMATIC ET 200MP IM 155-5 PN HF (6ES7155-5AA00-0AC0) (All versions \u003e= V4.2.0), SIMATIC ET 200SP IM 155-6 MF HF (6ES7155-6MU00-0CN0) (All versions), SIMATIC ET 200SP IM 155-6 PN HA (incl. SIPLUS variants) (All versions \u003c V1.3), SIMATIC ET 200SP IM 155-6 PN R1 (6ES7155-6AU00-0HM0) (All versions \u003c V6.0.1), SIMATIC ET 200SP IM 155-6 PN/2 HF (6ES7155-6AU01-0CN0) (All versions \u003e= V4.2.0), SIMATIC ET 200SP IM 155-6 PN/3 HF (6ES7155-6AU30-0CN0) (All versions \u003c V4.2.2), SIMATIC PN/MF Coupler (6ES7158-3MU10-0XA0) (All versions), SIMATIC PN/PN Coupler (6ES7158-3AD10-0XA0) (All versions \u003c V6.0.0), SIPLUS ET 200MP IM 155-5 PN HF (6AG1155-5AA00-2AC0) (All versions \u003e= V4.2.0), SIPLUS ET 200MP IM 155-5 PN HF (6AG1155-5AA00-7AC0) (All versions \u003e= V4.2.0), SIPLUS ET 200MP IM 155-5 PN HF T1 RAIL (6AG2155-5AA00-1AC0) (All versions \u003e= V4.2.0), SIPLUS ET 200SP IM 155-6 PN HF (6AG1155-6AU01-2CN0) (All versions \u003e= V4.2.0), SIPLUS ET 200SP IM 155-6 PN HF (6AG1155-6AU01-7CN0) (All versions \u003e= V4.2.0), SIPLUS ET 200SP IM 155-6 PN HF T1 RAIL (6AG2155-6AU01-1CN0) (All versions \u003e= V4.2.0), SIPLUS ET 200SP IM 155-6 PN HF TX RAIL (6AG2155-6AU01-4CN0) (All versions \u003e= V4.2.0), SIPLUS NET PN/PN Coupler (6AG2158-3AD10-4XA0) (All versions \u003c V6.0.0). Affected devices do not properly handle S7 protocol session disconnect requests. When receiving a valid S7 protocol Disconnect Request (COTP DR TPDU) on TCP port 102, the devices enter an improper session state.\r\n\r\nThis could allow an attacker to cause the device to become unresponsive, leading to a denial-of-service condition that requires a power cycle to restore normal operation."
}
],
"id": "CVE-2025-40944",
"lastModified": "2026-01-13T14:03:18.990",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "productcert@siemens.com",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "productcert@siemens.com",
"type": "Secondary"
}
]
},
"published": "2026-01-13T10:15:58.457",
"references": [
{
"source": "productcert@siemens.com",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-674753.html"
}
],
"sourceIdentifier": "productcert@siemens.com",
"vulnStatus": "Awaiting Analysis",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "productcert@siemens.com",
"type": "Primary"
}
]
}
ICSA-26-015-04
Vulnerability from csaf_cisa - Published: 2026-01-13 00:00 - Updated: 2026-02-12 07:00Summary
Siemens SIMATIC and SIPLUS products
Notes
Summary
Siemens ET 200 devices contain a denial-of-service vulnerability that could be triggered by sending a valid S7 protocol Disconnect Request (COTP DR TPDU), causing the device to become unresponsive and require a power cycle to recover.
Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.
General Recommendations
As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.
Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity
Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use
The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.
Legal Notice and Terms of Use
This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).
Advisory Conversion Disclaimer
This ICSA is a verbatim republication of Siemens ProductCERT SSA-674753 from a direct conversion of the vendor's Common Security Advisory Framework (CSAF) advisory. This is republished to CISA's website as a means of increasing visibility and is provided "as-is" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Siemens ProductCERT directly for any questions regarding this advisory.
Critical infrastructure sectors
Critical Manufacturing
Countries/areas deployed
Worldwide
Company headquarters location
Germany
Recommended Practices
CISA recommends users take defensive measures to minimize the exploitation risk of these vulnerabilities.
Recommended Practices
Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.
Recommended Practices
Locate control system networks and remote devices behind firewalls and isolate them from business networks.
Recommended Practices
When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.
Recommended Practices
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices
CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
{
"document": {
"acknowledgments": [
{
"organization": "Siemens ProductCERT",
"summary": "reported this vulnerability to CISA."
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://www.cisa.gov/news-events/news/traffic-light-protocol-tlp-definitions-and-usage"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Siemens ET 200 devices contain a denial-of-service vulnerability that could be triggered by sending a valid S7 protocol Disconnect Request (COTP DR TPDU), causing the device to become unresponsive and require a power cycle to recover.\n\nSiemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.",
"title": "Terms of Use"
},
{
"category": "legal_disclaimer",
"text": "This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy \u0026 Use policy (https://www.cisa.gov/privacy-policy).",
"title": "Legal Notice and Terms of Use"
},
{
"category": "other",
"text": "This ICSA is a verbatim republication of Siemens ProductCERT SSA-674753 from a direct conversion of the vendor\u0027s Common Security Advisory Framework (CSAF) advisory. This is republished to CISA\u0027s website as a means of increasing visibility and is provided \"as-is\" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Siemens ProductCERT directly for any questions regarding this advisory.",
"title": "Advisory Conversion Disclaimer"
},
{
"category": "other",
"text": "Critical Manufacturing",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Germany",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the exploitation risk of these vulnerabilities.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Locate control system networks and remote devices behind firewalls and isolate them from business networks.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
}
],
"publisher": {
"category": "other",
"contact_details": "central@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "SSA-674753: Denial-of-Service Vulnerability in ET 200 Devices - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-674753.json"
},
{
"category": "self",
"summary": "SSA-674753: Denial-of-Service Vulnerability in ET 200 Devices - HTML Version",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-674753.html"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-26-015-04 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2026/icsa-26-015-04.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-26-015-04 - Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-015-04"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/news-events/ics-alerts/ics-alert-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/topics/industrial-control-systems"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/news-events/news/targeted-cyber-intrusion-detection-and-mitigation-strategies-update-b"
}
],
"title": "Siemens SIMATIC and SIPLUS products",
"tracking": {
"current_release_date": "2026-02-12T07:00:00.000000Z",
"generator": {
"date": "2026-02-11T22:36:07.834685Z",
"engine": {
"name": "CISA CSAF Generator",
"version": "1.5.0"
}
},
"id": "ICSA-26-015-04",
"initial_release_date": "2026-01-13T00:00:00.000000Z",
"revision_history": [
{
"date": "2026-01-13T00:00:00.000000Z",
"legacy_version": "Initial",
"number": "1",
"summary": "Publication Date"
},
{
"date": "2026-01-14T22:27:41.734336Z",
"legacy_version": "Additional Release 1",
"number": "2",
"summary": "Initial Republication of Siemens ProductCERT SSA-674753 advisory"
},
{
"date": "2026-02-10T00:00:00.000000Z",
"legacy_version": "Additional Release 2",
"number": "3",
"summary": "Added Researcher to Acknowledgements"
},
{
"date": "2026-02-12T07:00:00.000000Z",
"legacy_version": "Latest Updated CISA Republication",
"number": "4",
"summary": "CISA Republication update based on Siemens ProductCERT SSA-674753 advisory"
}
],
"status": "final",
"version": "4"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIMATIC ET 200AL IM 157-1 PN (6ES7157-1AB00-0AB0)",
"product_id": "CSAFPID-0001",
"product_identification_helper": {
"model_numbers": [
"6ES7157-1AB00-0AB0"
]
}
}
}
],
"category": "product_name",
"name": "SIMATIC ET 200AL IM 157-1 PN (6ES7157-1AB00-0AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003e=4.2.0",
"product": {
"name": "SIMATIC ET 200MP IM 155-5 PN HF (6ES7155-5AA00-0AC0)",
"product_id": "CSAFPID-0002",
"product_identification_helper": {
"model_numbers": [
"6ES7155-5AA00-0AC0"
]
}
}
}
],
"category": "product_name",
"name": "SIMATIC ET 200MP IM 155-5 PN HF (6ES7155-5AA00-0AC0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIMATIC ET 200SP IM 155-6 MF HF (6ES7155-6MU00-0CN0)",
"product_id": "CSAFPID-0003",
"product_identification_helper": {
"model_numbers": [
"6ES7155-6MU00-0CN0"
]
}
}
}
],
"category": "product_name",
"name": "SIMATIC ET 200SP IM 155-6 MF HF (6ES7155-6MU00-0CN0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003c1.3",
"product": {
"name": "SIMATIC ET 200SP IM 155-6 PN HA (incl. SIPLUS variants)",
"product_id": "CSAFPID-0004"
}
}
],
"category": "product_name",
"name": "SIMATIC ET 200SP IM 155-6 PN HA (incl. SIPLUS variants)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003c6.0.1",
"product": {
"name": "SIMATIC ET 200SP IM 155-6 PN R1 (6ES7155-6AU00-0HM0)",
"product_id": "CSAFPID-0005",
"product_identification_helper": {
"model_numbers": [
"6ES7155-6AU00-0HM0"
]
}
}
}
],
"category": "product_name",
"name": "SIMATIC ET 200SP IM 155-6 PN R1 (6ES7155-6AU00-0HM0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003e=4.2.0",
"product": {
"name": "SIMATIC ET 200SP IM 155-6 PN/2 HF (6ES7155-6AU01-0CN0)",
"product_id": "CSAFPID-0006",
"product_identification_helper": {
"model_numbers": [
"6ES7155-6AU01-0CN0"
]
}
}
}
],
"category": "product_name",
"name": "SIMATIC ET 200SP IM 155-6 PN/2 HF (6ES7155-6AU01-0CN0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003c4.2.2",
"product": {
"name": "SIMATIC ET 200SP IM 155-6 PN/3 HF (6ES7155-6AU30-0CN0)",
"product_id": "CSAFPID-0007",
"product_identification_helper": {
"model_numbers": [
"6ES7155-6AU30-0CN0"
]
}
}
}
],
"category": "product_name",
"name": "SIMATIC ET 200SP IM 155-6 PN/3 HF (6ES7155-6AU30-0CN0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIMATIC PN/MF Coupler (6ES7158-3MU10-0XA0)",
"product_id": "CSAFPID-0008",
"product_identification_helper": {
"model_numbers": [
"6ES7158-3MU10-0XA0"
]
}
}
}
],
"category": "product_name",
"name": "SIMATIC PN/MF Coupler (6ES7158-3MU10-0XA0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003c6.0.0",
"product": {
"name": "SIMATIC PN/PN Coupler (6ES7158-3AD10-0XA0)",
"product_id": "CSAFPID-0009",
"product_identification_helper": {
"model_numbers": [
"6ES7158-3AD10-0XA0"
]
}
}
}
],
"category": "product_name",
"name": "SIMATIC PN/PN Coupler (6ES7158-3AD10-0XA0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003e=4.2.0",
"product": {
"name": "SIPLUS ET 200MP IM 155-5 PN HF (6AG1155-5AA00-2AC0)",
"product_id": "CSAFPID-0010",
"product_identification_helper": {
"model_numbers": [
"6AG1155-5AA00-2AC0"
]
}
}
}
],
"category": "product_name",
"name": "SIPLUS ET 200MP IM 155-5 PN HF (6AG1155-5AA00-2AC0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003e=4.2.0",
"product": {
"name": "SIPLUS ET 200MP IM 155-5 PN HF (6AG1155-5AA00-7AC0)",
"product_id": "CSAFPID-0011",
"product_identification_helper": {
"model_numbers": [
"6AG1155-5AA00-7AC0"
]
}
}
}
],
"category": "product_name",
"name": "SIPLUS ET 200MP IM 155-5 PN HF (6AG1155-5AA00-7AC0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003e=4.2.0",
"product": {
"name": "SIPLUS ET 200MP IM 155-5 PN HF T1 RAIL (6AG2155-5AA00-1AC0)",
"product_id": "CSAFPID-0012",
"product_identification_helper": {
"model_numbers": [
"6AG2155-5AA00-1AC0"
]
}
}
}
],
"category": "product_name",
"name": "SIPLUS ET 200MP IM 155-5 PN HF T1 RAIL (6AG2155-5AA00-1AC0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003e=4.2.0",
"product": {
"name": "SIPLUS ET 200SP IM 155-6 PN HF (6AG1155-6AU01-2CN0)",
"product_id": "CSAFPID-0013",
"product_identification_helper": {
"model_numbers": [
"6AG1155-6AU01-2CN0"
]
}
}
}
],
"category": "product_name",
"name": "SIPLUS ET 200SP IM 155-6 PN HF (6AG1155-6AU01-2CN0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003e=4.2.0",
"product": {
"name": "SIPLUS ET 200SP IM 155-6 PN HF (6AG1155-6AU01-7CN0)",
"product_id": "CSAFPID-0014",
"product_identification_helper": {
"model_numbers": [
"6AG1155-6AU01-7CN0"
]
}
}
}
],
"category": "product_name",
"name": "SIPLUS ET 200SP IM 155-6 PN HF (6AG1155-6AU01-7CN0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003e=4.2.0",
"product": {
"name": "SIPLUS ET 200SP IM 155-6 PN HF T1 RAIL (6AG2155-6AU01-1CN0)",
"product_id": "CSAFPID-0015",
"product_identification_helper": {
"model_numbers": [
"6AG2155-6AU01-1CN0"
]
}
}
}
],
"category": "product_name",
"name": "SIPLUS ET 200SP IM 155-6 PN HF T1 RAIL (6AG2155-6AU01-1CN0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003e=4.2.0",
"product": {
"name": "SIPLUS ET 200SP IM 155-6 PN HF TX RAIL (6AG2155-6AU01-4CN0)",
"product_id": "CSAFPID-0016",
"product_identification_helper": {
"model_numbers": [
"6AG2155-6AU01-4CN0"
]
}
}
}
],
"category": "product_name",
"name": "SIPLUS ET 200SP IM 155-6 PN HF TX RAIL (6AG2155-6AU01-4CN0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003c6.0.0",
"product": {
"name": "SIPLUS NET PN/PN Coupler (6AG2158-3AD10-4XA0)",
"product_id": "CSAFPID-0017",
"product_identification_helper": {
"model_numbers": [
"6AG2158-3AD10-4XA0"
]
}
}
}
],
"category": "product_name",
"name": "SIPLUS NET PN/PN Coupler (6AG2158-3AD10-4XA0)"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-40944",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "summary",
"text": "Affected devices do not properly handle S7 protocol session disconnect requests. When receiving a valid S7 protocol Disconnect Request (COTP DR TPDU) on TCP port 102, the devices enter an improper session state.\r\n\r\nThis could allow an attacker to cause the device to become unresponsive, leading to a denial-of-service condition that requires a power cycle to restore normal operation.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40944"
},
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/400.html"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Filter the port 102 of the devices to only accepted connections to/from the IP addresses of machines that are trusted e.g. with an external firewall.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017"
]
},
{
"category": "mitigation",
"details": "Restrict access to the network where S7 communication messages are exchanged.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017"
]
},
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0006",
"CSAFPID-0008",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016"
]
},
{
"category": "vendor_fix",
"details": "Update to V1.3 or later version",
"product_ids": [
"CSAFPID-0004"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109987451/"
},
{
"category": "vendor_fix",
"details": "Update to V4.2.2 or later version",
"product_ids": [
"CSAFPID-0007"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109769419/"
},
{
"category": "vendor_fix",
"details": "Update to V6.0.0 or later version",
"product_ids": [
"CSAFPID-0009",
"CSAFPID-0017"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109760973/"
},
{
"category": "vendor_fix",
"details": "Update to V6.0.1 or later version",
"product_ids": [
"CSAFPID-0005"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109816000/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017"
]
}
],
"title": "CVE-2025-40944"
}
]
}
NCSC-2026-0005
Vulnerability from csaf_ncscnl - Published: 2026-01-13 12:05 - Updated: 2026-01-13 12:05Summary
Kwetsbaarheden verholpen in Siemens producten
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten
Siemens heeft kwetsbaarheden verholpen in diverse producten als Industrial Edge Devices, SCALANCE, SIMATIC, SIPLUS en Telecontrol Server.
Interpretaties
De kwetsbaarheden stellen een kwaadwillende mogelijk in staat aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:
- Denial-of-Service (DoS)
- Manipulatie van gegevens
- Omzeilen van een beveiligingsmaatregel
- (Remote) code execution (root/admin rechten)
- Toegang tot systeemgegevens
- Verhogen van rechten
De kwaadwillende heeft hiervoor toegang nodig tot de productieomgeving. Het is goed gebruik een dergelijke omgeving niet publiek toegankelijk te hebben.
Oplossingen
Siemens heeft beveiligingsupdates uitgebracht om de kwetsbaarheden te verhelpen. Voor de kwetsbaarheden waar nog geen updates voor zijn, heeft Siemens mitigerende maatregelen gepubliceerd om de risico's zoveel als mogelijk te beperken. Zie de bijgevoegde referenties voor meer informatie.
Kans
medium
Schade
high
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-80
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
CWE-250
Execution with Unnecessary Privileges
CWE-400
Uncontrolled Resource Consumption
CWE-639
Authorization Bypass Through User-Controlled Key
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Siemens heeft kwetsbaarheden verholpen in diverse producten als Industrial Edge Devices, SCALANCE, SIMATIC, SIPLUS en Telecontrol Server.",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden stellen een kwaadwillende mogelijk in staat aanvallen uit te voeren die kunnen leiden tot de volgende categorie\u00ebn schade:\n\n- Denial-of-Service (DoS)\n- Manipulatie van gegevens\n- Omzeilen van een beveiligingsmaatregel\n- (Remote) code execution (root/admin rechten)\n- Toegang tot systeemgegevens\n- Verhogen van rechten\n\nDe kwaadwillende heeft hiervoor toegang nodig tot de productieomgeving. Het is goed gebruik een dergelijke omgeving niet publiek toegankelijk te hebben.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Siemens heeft beveiligingsupdates uitgebracht om de kwetsbaarheden te verhelpen. Voor de kwetsbaarheden waar nog geen updates voor zijn, heeft Siemens mitigerende maatregelen gepubliceerd om de risico\u0027s zoveel als mogelijk te beperken. Zie de bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "general",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
},
{
"category": "general",
"text": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"title": "CWE-80"
},
{
"category": "general",
"text": "Execution with Unnecessary Privileges",
"title": "CWE-250"
},
{
"category": "general",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "general",
"text": "Authorization Bypass Through User-Controlled Key",
"title": "CWE-639"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-001536.html"
},
{
"category": "external",
"summary": "Reference",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-014678.html"
},
{
"category": "external",
"summary": "Reference",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-192617.html"
},
{
"category": "external",
"summary": "Reference",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-674753.html"
},
{
"category": "external",
"summary": "Reference",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-827968.html"
}
],
"title": "Kwetsbaarheden verholpen in Siemens producten",
"tracking": {
"current_release_date": "2026-01-13T12:05:57.353070Z",
"generator": {
"date": "2025-08-04T16:30:00Z",
"engine": {
"name": "V.A.",
"version": "1.3"
}
},
"id": "NCSC-2026-0005",
"initial_release_date": "2026-01-13T12:05:57.353070Z",
"revision_history": [
{
"date": "2026-01-13T12:05:57.353070Z",
"number": "1.0.0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-1"
}
}
],
"category": "product_name",
"name": "Industrial Edge Cloud Device (IECD)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-2"
}
}
],
"category": "product_name",
"name": "Industrial Edge Device Kit - arm64 V1.10"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-3"
}
}
],
"category": "product_name",
"name": "Industrial Edge Device Kit - arm64 V1.11"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-4"
}
}
],
"category": "product_name",
"name": "Industrial Edge Device Kit - arm64 V1.12"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-5"
}
}
],
"category": "product_name",
"name": "Industrial Edge Device Kit - arm64 V1.13"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-6"
}
}
],
"category": "product_name",
"name": "Industrial Edge Device Kit - arm64 V1.14"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-7"
}
}
],
"category": "product_name",
"name": "Industrial Edge Device Kit - arm64 V1.15"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-8"
}
}
],
"category": "product_name",
"name": "Industrial Edge Device Kit - arm64 V1.16"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-9"
}
}
],
"category": "product_name",
"name": "Industrial Edge Device Kit - arm64 V1.17"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-10"
}
}
],
"category": "product_name",
"name": "Industrial Edge Device Kit - arm64 V1.18"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-11"
}
}
],
"category": "product_name",
"name": "Industrial Edge Device Kit - arm64 V1.19"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-12"
}
}
],
"category": "product_name",
"name": "Industrial Edge Device Kit - arm64 V1.20"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-13"
}
}
],
"category": "product_name",
"name": "Industrial Edge Device Kit - arm64 V1.21"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-14"
}
}
],
"category": "product_name",
"name": "Industrial Edge Device Kit - arm64 V1.22"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-15"
}
}
],
"category": "product_name",
"name": "Industrial Edge Device Kit - arm64 V1.23"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-16"
}
}
],
"category": "product_name",
"name": "Industrial Edge Device Kit - arm64 V1.24"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-17"
}
}
],
"category": "product_name",
"name": "Industrial Edge Device Kit - arm64 V1.25"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-18"
}
}
],
"category": "product_name",
"name": "Industrial Edge Device Kit - arm64 V1.5"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-19"
}
}
],
"category": "product_name",
"name": "Industrial Edge Device Kit - arm64 V1.6"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-20"
}
}
],
"category": "product_name",
"name": "Industrial Edge Device Kit - arm64 V1.7"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-21"
}
}
],
"category": "product_name",
"name": "Industrial Edge Device Kit - arm64 V1.8"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-22"
}
}
],
"category": "product_name",
"name": "Industrial Edge Device Kit - arm64 V1.9"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-23"
}
}
],
"category": "product_name",
"name": "Industrial Edge Device Kit - x86-64 V1.10"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-24"
}
}
],
"category": "product_name",
"name": "Industrial Edge Device Kit - x86-64 V1.11"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-25"
}
}
],
"category": "product_name",
"name": "Industrial Edge Device Kit - x86-64 V1.12"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-26"
}
}
],
"category": "product_name",
"name": "Industrial Edge Device Kit - x86-64 V1.13"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-27"
}
}
],
"category": "product_name",
"name": "Industrial Edge Device Kit - x86-64 V1.14"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-28"
}
}
],
"category": "product_name",
"name": "Industrial Edge Device Kit - x86-64 V1.15"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-29"
}
}
],
"category": "product_name",
"name": "Industrial Edge Device Kit - x86-64 V1.16"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-30"
}
}
],
"category": "product_name",
"name": "Industrial Edge Device Kit - x86-64 V1.17"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-31"
}
}
],
"category": "product_name",
"name": "Industrial Edge Device Kit - x86-64 V1.18"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-32"
}
}
],
"category": "product_name",
"name": "Industrial Edge Device Kit - x86-64 V1.19"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-33"
}
}
],
"category": "product_name",
"name": "Industrial Edge Device Kit - x86-64 V1.20"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-34"
}
}
],
"category": "product_name",
"name": "Industrial Edge Device Kit - x86-64 V1.21"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-35"
}
}
],
"category": "product_name",
"name": "Industrial Edge Device Kit - x86-64 V1.22"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-36"
}
}
],
"category": "product_name",
"name": "Industrial Edge Device Kit - x86-64 V1.23"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-37"
}
}
],
"category": "product_name",
"name": "Industrial Edge Device Kit - x86-64 V1.24"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-38"
}
}
],
"category": "product_name",
"name": "Industrial Edge Device Kit - x86-64 V1.25"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-39"
}
}
],
"category": "product_name",
"name": "Industrial Edge Device Kit - x86-64 V1.5"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-40"
}
}
],
"category": "product_name",
"name": "Industrial Edge Device Kit - x86-64 V1.6"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-41"
}
}
],
"category": "product_name",
"name": "Industrial Edge Device Kit - x86-64 V1.7"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-42"
}
}
],
"category": "product_name",
"name": "Industrial Edge Device Kit - x86-64 V1.8"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-43"
}
}
],
"category": "product_name",
"name": "Industrial Edge Device Kit - x86-64 V1.9"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-44"
}
}
],
"category": "product_name",
"name": "Industrial Edge Own Device (IEOD)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-45"
}
}
],
"category": "product_name",
"name": "Industrial Edge Virtual Device (IEVD)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-46"
}
}
],
"category": "product_name",
"name": "SCALANCE LPE9413"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-47"
}
}
],
"category": "product_name",
"name": "SCALANCE LPE9433"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-48"
}
}
],
"category": "product_name",
"name": "SIMATIC Automation Workstation 19\""
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-49"
}
}
],
"category": "product_name",
"name": "SIMATIC Automation Workstation 24\""
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-50"
}
}
],
"category": "product_name",
"name": "SIMATIC ET 200AL IM 157-1 PN"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-51"
}
}
],
"category": "product_name",
"name": "SIMATIC ET 200MP IM 155-5 PN HF"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-52"
}
}
],
"category": "product_name",
"name": "SIMATIC ET 200SP IM 155-6 MF HF"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-53"
}
}
],
"category": "product_name",
"name": "SIMATIC ET 200SP IM 155-6 PN HA (incl. SIPLUS variants)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-54"
}
}
],
"category": "product_name",
"name": "SIMATIC ET 200SP IM 155-6 PN R1"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-55"
}
}
],
"category": "product_name",
"name": "SIMATIC ET 200SP IM 155-6 PN/2 HF"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-56"
}
}
],
"category": "product_name",
"name": "SIMATIC ET 200SP IM 155-6 PN/3 HF"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-57"
}
}
],
"category": "product_name",
"name": "SIMATIC HMI MTP1000 Unified Comfort Panel"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-58"
}
}
],
"category": "product_name",
"name": "SIMATIC HMI MTP1000 Unified Comfort Panel hygienic"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-59"
}
}
],
"category": "product_name",
"name": "SIMATIC HMI MTP1000 Unified Comfort Panel hygienic neutral design"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-60"
}
}
],
"category": "product_name",
"name": "SIMATIC HMI MTP1000, Unified Comfort Panel neutral"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-61"
}
}
],
"category": "product_name",
"name": "SIMATIC HMI MTP1200 Comfort Pro for stand (expandable, flange at the bottom)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-62"
}
}
],
"category": "product_name",
"name": "SIMATIC HMI MTP1200 Comfort Pro for support arm (expandable, round tube) and extension unit"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-63"
}
}
],
"category": "product_name",
"name": "SIMATIC HMI MTP1200 Comfort Pro for support arm (not extendable, flange on top)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-64"
}
}
],
"category": "product_name",
"name": "SIMATIC HMI MTP1200 Comfort Pro neutral design for stand (expandable, flange at the bottom)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-65"
}
}
],
"category": "product_name",
"name": "SIMATIC HMI MTP1200 Comfort Pro neutral design for support arm (expandable, round tube) and extensio"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-66"
}
}
],
"category": "product_name",
"name": "SIMATIC HMI MTP1200 Comfort Pro neutral design for support arm (not extendable, flange on top)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-67"
}
}
],
"category": "product_name",
"name": "SIMATIC HMI MTP1200 Unified Comfort Panel"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-68"
}
}
],
"category": "product_name",
"name": "SIMATIC HMI MTP1200 Unified Comfort Panel hygienic"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-69"
}
}
],
"category": "product_name",
"name": "SIMATIC HMI MTP1200 Unified Comfort Panel hygienic neutral design"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-70"
}
}
],
"category": "product_name",
"name": "SIMATIC HMI MTP1200 Unified Comfort Panel neutral design"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-71"
}
}
],
"category": "product_name",
"name": "SIMATIC HMI MTP1500 Comfort Pro for stand (expandable, flange at the bottom)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-72"
}
}
],
"category": "product_name",
"name": "SIMATIC HMI MTP1500 Comfort Pro for support arm (expandable, round tube) and extension unit"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-73"
}
}
],
"category": "product_name",
"name": "SIMATIC HMI MTP1500 Comfort Pro for support arm (not extendable, flange on top)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-74"
}
}
],
"category": "product_name",
"name": "SIMATIC HMI MTP1500 Comfort Pro neutral design for stand (expandable, flange at the bottom)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-75"
}
}
],
"category": "product_name",
"name": "SIMATIC HMI MTP1500 Comfort Pro neutral design for support arm (expandable, round tube) and extensio"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-76"
}
}
],
"category": "product_name",
"name": "SIMATIC HMI MTP1500 Comfort Pro neutral design for support arm (not extendable, flange on top)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-77"
}
}
],
"category": "product_name",
"name": "SIMATIC HMI MTP1500 Unified Comfort Panel"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-78"
}
}
],
"category": "product_name",
"name": "SIMATIC HMI MTP1500 Unified Comfort Panel hygienic"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-79"
}
}
],
"category": "product_name",
"name": "SIMATIC HMI MTP1500 Unified Comfort Panel hygienic neutral design"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-80"
}
}
],
"category": "product_name",
"name": "SIMATIC HMI MTP1500 Unified Comfort Panel neutral design"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-81"
}
}
],
"category": "product_name",
"name": "SIMATIC HMI MTP1900 Comfort Pro for stand (expandable, flange at the bottom)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-82"
}
}
],
"category": "product_name",
"name": "SIMATIC HMI MTP1900 Comfort Pro for support arm (expandable, round tube) and extension unit"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-83"
}
}
],
"category": "product_name",
"name": "SIMATIC HMI MTP1900 Comfort Pro for support arm (not extendable, flange on top)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-84"
}
}
],
"category": "product_name",
"name": "SIMATIC HMI MTP1900 Comfort Pro neutral design for stand (expandable, flange at the bottom)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-85"
}
}
],
"category": "product_name",
"name": "SIMATIC HMI MTP1900 Comfort Pro neutral design for support arm (expandable, round tube) and extensio"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-86"
}
}
],
"category": "product_name",
"name": "SIMATIC HMI MTP1900 Comfort Pro neutral design for support arm (not extendable, flange on top)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-87"
}
}
],
"category": "product_name",
"name": "SIMATIC HMI MTP1900 Unified Comfort Panel"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-88"
}
}
],
"category": "product_name",
"name": "SIMATIC HMI MTP1900 Unified Comfort Panel hygienic"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-89"
}
}
],
"category": "product_name",
"name": "SIMATIC HMI MTP1900 Unified Comfort Panel hygienic neutral design"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-90"
}
}
],
"category": "product_name",
"name": "SIMATIC HMI MTP1900 Unified Comfort Panel neutral design"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-91"
}
}
],
"category": "product_name",
"name": "SIMATIC HMI MTP2200 Comfort Pro for stand (expandable, flange at the bottom)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-92"
}
}
],
"category": "product_name",
"name": "SIMATIC HMI MTP2200 Comfort Pro for support arm (expandable, round tube) and extension unit"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-93"
}
}
],
"category": "product_name",
"name": "SIMATIC HMI MTP2200 Comfort Pro for support arm (not extendable, flange on top)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-94"
}
}
],
"category": "product_name",
"name": "SIMATIC HMI MTP2200 Comfort Pro neutral design for stand (expandable, flange at the bottom)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-95"
}
}
],
"category": "product_name",
"name": "SIMATIC HMI MTP2200 Comfort Pro neutral design for support arm (expandable, round tube) and extensio"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-96"
}
}
],
"category": "product_name",
"name": "SIMATIC HMI MTP2200 Comfort Pro neutral design for support arm (not extendable, flange on top)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-97"
}
}
],
"category": "product_name",
"name": "SIMATIC HMI MTP2200 Unified Comfort Hygienic"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-98"
}
}
],
"category": "product_name",
"name": "SIMATIC HMI MTP2200 Unified Comfort Hygienic neutral design"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-99"
}
}
],
"category": "product_name",
"name": "SIMATIC HMI MTP2200 Unified Comfort Panel"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-100"
}
}
],
"category": "product_name",
"name": "SIMATIC HMI MTP2200 Unified Comfort Panel neutral design"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-101"
}
}
],
"category": "product_name",
"name": "SIMATIC HMI MTP700 Unified Comfort Panel hygienic neutral design"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-102"
}
}
],
"category": "product_name",
"name": "SIMATIC HMI MTP700, Unified Comfort Panel neutral design"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-103"
}
}
],
"category": "product_name",
"name": "SIMATIC HMI MTP700\u00a0Unified Comfort Panel"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-104"
}
}
],
"category": "product_name",
"name": "SIMATIC IOT2050"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-105"
}
}
],
"category": "product_name",
"name": "SIMATIC IPC BX-39A Industrial Edge Device"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-106"
}
}
],
"category": "product_name",
"name": "SIMATIC IPC BX-59A Industrial Edge Device"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-107"
}
}
],
"category": "product_name",
"name": "SIMATIC IPC127E Industrial Edge Device"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-108"
}
}
],
"category": "product_name",
"name": "SIMATIC IPC227E Industrial Edge Device"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-109"
}
}
],
"category": "product_name",
"name": "SIMATIC IPC227G Industrial Edge Device"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-110"
}
}
],
"category": "product_name",
"name": "SIMATIC IPC427E Industrial Edge Device"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-111"
}
}
],
"category": "product_name",
"name": "SIMATIC IPC847E Industrial Edge Device"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-112"
}
}
],
"category": "product_name",
"name": "SIMATIC PN/MF Coupler"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-113"
}
}
],
"category": "product_name",
"name": "SIMATIC PN/PN Coupler"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-114"
}
}
],
"category": "product_name",
"name": "SIPLUS ET 200MP IM 155-5 PN HF"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-115"
}
}
],
"category": "product_name",
"name": "SIPLUS ET 200MP IM 155-5 PN HF T1 RAIL"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-116"
}
}
],
"category": "product_name",
"name": "SIPLUS ET 200SP IM 155-6 PN HF"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-117"
}
}
],
"category": "product_name",
"name": "SIPLUS ET 200SP IM 155-6 PN HF T1 RAIL"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-118"
}
}
],
"category": "product_name",
"name": "SIPLUS ET 200SP IM 155-6 PN HF TX RAIL"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-119"
}
}
],
"category": "product_name",
"name": "SIPLUS HMI MTP1000 Unified Comfort"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-120"
}
}
],
"category": "product_name",
"name": "SIPLUS HMI MTP1200 Unified Comfort"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-121"
}
}
],
"category": "product_name",
"name": "SIPLUS HMI MTP700 Unified Comfort"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-122"
}
}
],
"category": "product_name",
"name": "SIPLUS NET PN/PN Coupler"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-123"
}
}
],
"category": "product_name",
"name": "TeleControl Server Basic"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-40805",
"cwe": {
"id": "CWE-639",
"name": "Authorization Bypass Through User-Controlled Key"
},
"notes": [
{
"category": "other",
"text": "Authorization Bypass Through User-Controlled Key",
"title": "CWE-639"
},
{
"category": "description",
"text": "A vulnerability in certain devices allows unauthenticated remote attackers to bypass user authentication on specific API endpoints, potentially impersonating legitimate users if they know the user\u0027s identity.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84",
"CSAFPID-85",
"CSAFPID-86",
"CSAFPID-87",
"CSAFPID-88",
"CSAFPID-89",
"CSAFPID-90",
"CSAFPID-91",
"CSAFPID-92",
"CSAFPID-93",
"CSAFPID-94",
"CSAFPID-95",
"CSAFPID-96",
"CSAFPID-97",
"CSAFPID-98",
"CSAFPID-99",
"CSAFPID-100",
"CSAFPID-101",
"CSAFPID-102",
"CSAFPID-103",
"CSAFPID-104",
"CSAFPID-105",
"CSAFPID-106",
"CSAFPID-107",
"CSAFPID-108",
"CSAFPID-109",
"CSAFPID-110",
"CSAFPID-111",
"CSAFPID-112",
"CSAFPID-113",
"CSAFPID-114",
"CSAFPID-115",
"CSAFPID-116",
"CSAFPID-117",
"CSAFPID-118",
"CSAFPID-119",
"CSAFPID-120",
"CSAFPID-121",
"CSAFPID-122",
"CSAFPID-123"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-40805 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-40805.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84",
"CSAFPID-85",
"CSAFPID-86",
"CSAFPID-87",
"CSAFPID-88",
"CSAFPID-89",
"CSAFPID-90",
"CSAFPID-91",
"CSAFPID-92",
"CSAFPID-93",
"CSAFPID-94",
"CSAFPID-95",
"CSAFPID-96",
"CSAFPID-97",
"CSAFPID-98",
"CSAFPID-99",
"CSAFPID-100",
"CSAFPID-101",
"CSAFPID-102",
"CSAFPID-103",
"CSAFPID-104",
"CSAFPID-105",
"CSAFPID-106",
"CSAFPID-107",
"CSAFPID-108",
"CSAFPID-109",
"CSAFPID-110",
"CSAFPID-111",
"CSAFPID-112",
"CSAFPID-113",
"CSAFPID-114",
"CSAFPID-115",
"CSAFPID-116",
"CSAFPID-117",
"CSAFPID-118",
"CSAFPID-119",
"CSAFPID-120",
"CSAFPID-121",
"CSAFPID-122",
"CSAFPID-123"
]
}
],
"title": "CVE-2025-40805"
},
{
"cve": "CVE-2025-40891",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
},
{
"category": "description",
"text": "A Stored HTML Injection vulnerability in the Time Machine Snapshot Diff feature allows unauthenticated attackers to inject HTML tags, potentially leading to phishing and open redirect attacks, though full exploitation is complex due to mitigations.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84",
"CSAFPID-85",
"CSAFPID-86",
"CSAFPID-87",
"CSAFPID-88",
"CSAFPID-89",
"CSAFPID-90",
"CSAFPID-91",
"CSAFPID-92",
"CSAFPID-93",
"CSAFPID-94",
"CSAFPID-95",
"CSAFPID-96",
"CSAFPID-97",
"CSAFPID-98",
"CSAFPID-99",
"CSAFPID-100",
"CSAFPID-101",
"CSAFPID-102",
"CSAFPID-103",
"CSAFPID-104",
"CSAFPID-105",
"CSAFPID-106",
"CSAFPID-107",
"CSAFPID-108",
"CSAFPID-109",
"CSAFPID-110",
"CSAFPID-111",
"CSAFPID-112",
"CSAFPID-113",
"CSAFPID-114",
"CSAFPID-115",
"CSAFPID-116",
"CSAFPID-117",
"CSAFPID-118",
"CSAFPID-119",
"CSAFPID-120",
"CSAFPID-121",
"CSAFPID-122",
"CSAFPID-123"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-40891 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-40891.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84",
"CSAFPID-85",
"CSAFPID-86",
"CSAFPID-87",
"CSAFPID-88",
"CSAFPID-89",
"CSAFPID-90",
"CSAFPID-91",
"CSAFPID-92",
"CSAFPID-93",
"CSAFPID-94",
"CSAFPID-95",
"CSAFPID-96",
"CSAFPID-97",
"CSAFPID-98",
"CSAFPID-99",
"CSAFPID-100",
"CSAFPID-101",
"CSAFPID-102",
"CSAFPID-103",
"CSAFPID-104",
"CSAFPID-105",
"CSAFPID-106",
"CSAFPID-107",
"CSAFPID-108",
"CSAFPID-109",
"CSAFPID-110",
"CSAFPID-111",
"CSAFPID-112",
"CSAFPID-113",
"CSAFPID-114",
"CSAFPID-115",
"CSAFPID-116",
"CSAFPID-117",
"CSAFPID-118",
"CSAFPID-119",
"CSAFPID-120",
"CSAFPID-121",
"CSAFPID-122",
"CSAFPID-123"
]
}
],
"title": "CVE-2025-40891"
},
{
"cve": "CVE-2025-40892",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
},
{
"category": "description",
"text": "A Stored Cross-Site Scripting vulnerability in the Reports functionality allows authenticated users to create malicious reports that execute JavaScript in victims\u0027 browsers, leading to unauthorized actions and data exposure.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:H/VA:H/SC:L/SI:L/SA:L",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84",
"CSAFPID-85",
"CSAFPID-86",
"CSAFPID-87",
"CSAFPID-88",
"CSAFPID-89",
"CSAFPID-90",
"CSAFPID-91",
"CSAFPID-92",
"CSAFPID-93",
"CSAFPID-94",
"CSAFPID-95",
"CSAFPID-96",
"CSAFPID-97",
"CSAFPID-98",
"CSAFPID-99",
"CSAFPID-100",
"CSAFPID-101",
"CSAFPID-102",
"CSAFPID-103",
"CSAFPID-104",
"CSAFPID-105",
"CSAFPID-106",
"CSAFPID-107",
"CSAFPID-108",
"CSAFPID-109",
"CSAFPID-110",
"CSAFPID-111",
"CSAFPID-112",
"CSAFPID-113",
"CSAFPID-114",
"CSAFPID-115",
"CSAFPID-116",
"CSAFPID-117",
"CSAFPID-118",
"CSAFPID-119",
"CSAFPID-120",
"CSAFPID-121",
"CSAFPID-122",
"CSAFPID-123"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-40892 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-40892.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.9,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84",
"CSAFPID-85",
"CSAFPID-86",
"CSAFPID-87",
"CSAFPID-88",
"CSAFPID-89",
"CSAFPID-90",
"CSAFPID-91",
"CSAFPID-92",
"CSAFPID-93",
"CSAFPID-94",
"CSAFPID-95",
"CSAFPID-96",
"CSAFPID-97",
"CSAFPID-98",
"CSAFPID-99",
"CSAFPID-100",
"CSAFPID-101",
"CSAFPID-102",
"CSAFPID-103",
"CSAFPID-104",
"CSAFPID-105",
"CSAFPID-106",
"CSAFPID-107",
"CSAFPID-108",
"CSAFPID-109",
"CSAFPID-110",
"CSAFPID-111",
"CSAFPID-112",
"CSAFPID-113",
"CSAFPID-114",
"CSAFPID-115",
"CSAFPID-116",
"CSAFPID-117",
"CSAFPID-118",
"CSAFPID-119",
"CSAFPID-120",
"CSAFPID-121",
"CSAFPID-122",
"CSAFPID-123"
]
}
],
"title": "CVE-2025-40892"
},
{
"cve": "CVE-2025-40893",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
},
{
"category": "description",
"text": "A Stored HTML Injection vulnerability in the Asset List functionality allows unauthenticated attackers to inject HTML tags into asset attributes, posing a risk for phishing attacks.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84",
"CSAFPID-85",
"CSAFPID-86",
"CSAFPID-87",
"CSAFPID-88",
"CSAFPID-89",
"CSAFPID-90",
"CSAFPID-91",
"CSAFPID-92",
"CSAFPID-93",
"CSAFPID-94",
"CSAFPID-95",
"CSAFPID-96",
"CSAFPID-97",
"CSAFPID-98",
"CSAFPID-99",
"CSAFPID-100",
"CSAFPID-101",
"CSAFPID-102",
"CSAFPID-103",
"CSAFPID-104",
"CSAFPID-105",
"CSAFPID-106",
"CSAFPID-107",
"CSAFPID-108",
"CSAFPID-109",
"CSAFPID-110",
"CSAFPID-111",
"CSAFPID-112",
"CSAFPID-113",
"CSAFPID-114",
"CSAFPID-115",
"CSAFPID-116",
"CSAFPID-117",
"CSAFPID-118",
"CSAFPID-119",
"CSAFPID-120",
"CSAFPID-121",
"CSAFPID-122",
"CSAFPID-123"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-40893 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-40893.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84",
"CSAFPID-85",
"CSAFPID-86",
"CSAFPID-87",
"CSAFPID-88",
"CSAFPID-89",
"CSAFPID-90",
"CSAFPID-91",
"CSAFPID-92",
"CSAFPID-93",
"CSAFPID-94",
"CSAFPID-95",
"CSAFPID-96",
"CSAFPID-97",
"CSAFPID-98",
"CSAFPID-99",
"CSAFPID-100",
"CSAFPID-101",
"CSAFPID-102",
"CSAFPID-103",
"CSAFPID-104",
"CSAFPID-105",
"CSAFPID-106",
"CSAFPID-107",
"CSAFPID-108",
"CSAFPID-109",
"CSAFPID-110",
"CSAFPID-111",
"CSAFPID-112",
"CSAFPID-113",
"CSAFPID-114",
"CSAFPID-115",
"CSAFPID-116",
"CSAFPID-117",
"CSAFPID-118",
"CSAFPID-119",
"CSAFPID-120",
"CSAFPID-121",
"CSAFPID-122",
"CSAFPID-123"
]
}
],
"title": "CVE-2025-40893"
},
{
"cve": "CVE-2025-40898",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "description",
"text": "A path traversal vulnerability in the Import Arc data archive functionality allows limited-privileged authenticated users to upload malicious files, potentially compromising device configuration and availability.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84",
"CSAFPID-85",
"CSAFPID-86",
"CSAFPID-87",
"CSAFPID-88",
"CSAFPID-89",
"CSAFPID-90",
"CSAFPID-91",
"CSAFPID-92",
"CSAFPID-93",
"CSAFPID-94",
"CSAFPID-95",
"CSAFPID-96",
"CSAFPID-97",
"CSAFPID-98",
"CSAFPID-99",
"CSAFPID-100",
"CSAFPID-101",
"CSAFPID-102",
"CSAFPID-103",
"CSAFPID-104",
"CSAFPID-105",
"CSAFPID-106",
"CSAFPID-107",
"CSAFPID-108",
"CSAFPID-109",
"CSAFPID-110",
"CSAFPID-111",
"CSAFPID-112",
"CSAFPID-113",
"CSAFPID-114",
"CSAFPID-115",
"CSAFPID-116",
"CSAFPID-117",
"CSAFPID-118",
"CSAFPID-119",
"CSAFPID-120",
"CSAFPID-121",
"CSAFPID-122",
"CSAFPID-123"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-40898 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-40898.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84",
"CSAFPID-85",
"CSAFPID-86",
"CSAFPID-87",
"CSAFPID-88",
"CSAFPID-89",
"CSAFPID-90",
"CSAFPID-91",
"CSAFPID-92",
"CSAFPID-93",
"CSAFPID-94",
"CSAFPID-95",
"CSAFPID-96",
"CSAFPID-97",
"CSAFPID-98",
"CSAFPID-99",
"CSAFPID-100",
"CSAFPID-101",
"CSAFPID-102",
"CSAFPID-103",
"CSAFPID-104",
"CSAFPID-105",
"CSAFPID-106",
"CSAFPID-107",
"CSAFPID-108",
"CSAFPID-109",
"CSAFPID-110",
"CSAFPID-111",
"CSAFPID-112",
"CSAFPID-113",
"CSAFPID-114",
"CSAFPID-115",
"CSAFPID-116",
"CSAFPID-117",
"CSAFPID-118",
"CSAFPID-119",
"CSAFPID-120",
"CSAFPID-121",
"CSAFPID-122",
"CSAFPID-123"
]
}
],
"title": "CVE-2025-40898"
},
{
"cve": "CVE-2025-40942",
"cwe": {
"id": "CWE-250",
"name": "Execution with Unnecessary Privileges"
},
"notes": [
{
"category": "other",
"text": "Execution with Unnecessary Privileges",
"title": "CWE-250"
},
{
"category": "description",
"text": "A local privilege escalation vulnerability exists in all versions of TeleControl Server Basic prior to V3.1.2.4, enabling attackers to execute arbitrary code with elevated privileges.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84",
"CSAFPID-85",
"CSAFPID-86",
"CSAFPID-87",
"CSAFPID-88",
"CSAFPID-89",
"CSAFPID-90",
"CSAFPID-91",
"CSAFPID-92",
"CSAFPID-93",
"CSAFPID-94",
"CSAFPID-95",
"CSAFPID-96",
"CSAFPID-97",
"CSAFPID-98",
"CSAFPID-99",
"CSAFPID-100",
"CSAFPID-101",
"CSAFPID-102",
"CSAFPID-103",
"CSAFPID-104",
"CSAFPID-105",
"CSAFPID-106",
"CSAFPID-107",
"CSAFPID-108",
"CSAFPID-109",
"CSAFPID-110",
"CSAFPID-111",
"CSAFPID-112",
"CSAFPID-113",
"CSAFPID-114",
"CSAFPID-115",
"CSAFPID-116",
"CSAFPID-117",
"CSAFPID-118",
"CSAFPID-119",
"CSAFPID-120",
"CSAFPID-121",
"CSAFPID-122",
"CSAFPID-123"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-40942 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-40942.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84",
"CSAFPID-85",
"CSAFPID-86",
"CSAFPID-87",
"CSAFPID-88",
"CSAFPID-89",
"CSAFPID-90",
"CSAFPID-91",
"CSAFPID-92",
"CSAFPID-93",
"CSAFPID-94",
"CSAFPID-95",
"CSAFPID-96",
"CSAFPID-97",
"CSAFPID-98",
"CSAFPID-99",
"CSAFPID-100",
"CSAFPID-101",
"CSAFPID-102",
"CSAFPID-103",
"CSAFPID-104",
"CSAFPID-105",
"CSAFPID-106",
"CSAFPID-107",
"CSAFPID-108",
"CSAFPID-109",
"CSAFPID-110",
"CSAFPID-111",
"CSAFPID-112",
"CSAFPID-113",
"CSAFPID-114",
"CSAFPID-115",
"CSAFPID-116",
"CSAFPID-117",
"CSAFPID-118",
"CSAFPID-119",
"CSAFPID-120",
"CSAFPID-121",
"CSAFPID-122",
"CSAFPID-123"
]
}
],
"title": "CVE-2025-40942"
},
{
"cve": "CVE-2025-40944",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "description",
"text": "A vulnerability in SIMATIC ET 200 and SIPLUS devices can lead to denial-of-service due to improper handling of S7 protocol session disconnect requests, necessitating a power cycle for recovery.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84",
"CSAFPID-85",
"CSAFPID-86",
"CSAFPID-87",
"CSAFPID-88",
"CSAFPID-89",
"CSAFPID-90",
"CSAFPID-91",
"CSAFPID-92",
"CSAFPID-93",
"CSAFPID-94",
"CSAFPID-95",
"CSAFPID-96",
"CSAFPID-97",
"CSAFPID-98",
"CSAFPID-99",
"CSAFPID-100",
"CSAFPID-101",
"CSAFPID-102",
"CSAFPID-103",
"CSAFPID-104",
"CSAFPID-105",
"CSAFPID-106",
"CSAFPID-107",
"CSAFPID-108",
"CSAFPID-109",
"CSAFPID-110",
"CSAFPID-111",
"CSAFPID-112",
"CSAFPID-113",
"CSAFPID-114",
"CSAFPID-115",
"CSAFPID-116",
"CSAFPID-117",
"CSAFPID-118",
"CSAFPID-119",
"CSAFPID-120",
"CSAFPID-121",
"CSAFPID-122",
"CSAFPID-123"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-40944 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-40944.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84",
"CSAFPID-85",
"CSAFPID-86",
"CSAFPID-87",
"CSAFPID-88",
"CSAFPID-89",
"CSAFPID-90",
"CSAFPID-91",
"CSAFPID-92",
"CSAFPID-93",
"CSAFPID-94",
"CSAFPID-95",
"CSAFPID-96",
"CSAFPID-97",
"CSAFPID-98",
"CSAFPID-99",
"CSAFPID-100",
"CSAFPID-101",
"CSAFPID-102",
"CSAFPID-103",
"CSAFPID-104",
"CSAFPID-105",
"CSAFPID-106",
"CSAFPID-107",
"CSAFPID-108",
"CSAFPID-109",
"CSAFPID-110",
"CSAFPID-111",
"CSAFPID-112",
"CSAFPID-113",
"CSAFPID-114",
"CSAFPID-115",
"CSAFPID-116",
"CSAFPID-117",
"CSAFPID-118",
"CSAFPID-119",
"CSAFPID-120",
"CSAFPID-121",
"CSAFPID-122",
"CSAFPID-123"
]
}
],
"title": "CVE-2025-40944"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…