CVE-2025-40771 | THREATINT

Description

A vulnerability has been identified in SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) (All versions < V2.4.24), SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0) (All versions < V2.4.24), SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) (All versions < V2.4.24), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0) (All versions < V2.4.24), SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0) (All versions < V2.4.24), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0) (All versions < V2.4.24). Affected devices do not properly authenticate configuration connections. This could allow an unauthenticated remote attacker to access the configuration data.

PUBLISHED Reserved 2025-04-16 | Published 2025-10-14 | Updated 2025-10-14 | Assigner siemens

CRITICAL: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CRITICAL: 9.3CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-306: Missing Authentication for Critical Function

Product status

Default status

unknown

Any version before V2.4.24

affected

Default status

unknown

Any version before V2.4.24

affected

Default status

unknown

Any version before V2.4.24

affected

Default status

unknown

Any version before V2.4.24

affected

Default status

unknown

Any version before V2.4.24

affected

Default status

unknown

Any version before V2.4.24

affected

References

cert-portal.siemens.com/productcert/html/ssa-486936.html

cve.org (CVE-2025-40771)

nvd.nist.gov (CVE-2025-40771)

Download JSON