CVE-2025-40743 | THREATINT

Description

A vulnerability has been identified in SINUMERIK 828D PPU.4 (All versions < V4.95 SP5), SINUMERIK 828D PPU.5 (All versions < V5.25 SP1), SINUMERIK 840D sl (All versions < V4.95 SP5), SINUMERIK MC (All versions < V1.25 SP1), SINUMERIK MC V1.15 (All versions < V1.15 SP5), SINUMERIK ONE (All versions < V6.25 SP1), SINUMERIK ONE V6.15 (All versions < V6.15 SP5). The affected application improperly validates authentication for its VNC access service, allowing access with insufficient password verification. This could allow an attacker to gain unauthorized remote access and potentially compromise system confidentiality, integrity, or availability.

Reserved 2025-04-16 | Published 2025-08-12 | Updated 2025-08-12 | Assigner siemens

HIGH: 8.3CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

HIGH: 8.7CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N

Problem types

CWE-288: Authentication Bypass Using an Alternate Path or Channel

Product status

Default status

unknown

Any version before V4.95 SP5

affected

Default status

unknown

Any version before V5.25 SP1

affected

Default status

unknown

Any version before V4.95 SP5

affected

Default status

unknown

Any version before V1.25 SP1

affected

Default status

unknown

Any version before V1.15 SP5

affected

Default status

unknown

Any version before V6.25 SP1

affected

Default status

unknown

Any version before V6.15 SP5

affected

References

cert-portal.siemens.com/productcert/html/ssa-177847.html

cve.org (CVE-2025-40743)

nvd.nist.gov (CVE-2025-40743)

Download JSON