Home

Description

A vulnerability has been identified in SINAMICS G220 V6.4 (All versions < V6.4 HF2), SINAMICS S200 V6.4 (All versions), SINAMICS S210 V6.4 (All versions < V6.4 HF2). The affected devices allow a factory reset to be executed without the required privileges due to improper privilege management as well as manipulation of configuration data because of leaked privileges of previous sessions. This could allow an unauthorized attacker to escalate their privileges.

PUBLISHED Reserved 2025-04-16 | Published 2025-09-09 | Updated 2025-09-09 | Assigner siemens




MEDIUM: 6.3CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:L
MEDIUM: 6.9CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:A/VC:N/VI:H/VA:L/SC:N/SI:H/SA:L

Problem types

CWE-269: Improper Privilege Management

Product status

Default status
unknown

Any version before V6.4 HF2
affected

Default status
unknown

Any version before *
affected

Default status
unknown

Any version before V6.4 HF2
affected

References

cert-portal.siemens.com/productcert/html/ssa-027652.html

cve.org (CVE-2025-40594)

nvd.nist.gov (CVE-2025-40594)

Download JSON