CVE-2025-40817 | THREATINT

Description

A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA2) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA2) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA2) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA2) (All versions), LOGO! 24CE (6ED1052-1CC08-0BA2) (All versions), LOGO! 24CEo (6ED1052-2CC08-0BA2) (All versions), LOGO! 24RCE (6ED1052-1HB08-0BA2) (All versions), LOGO! 24RCEo (6ED1052-2HB08-0BA2) (All versions), SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA2) (All versions), SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA2) (All versions), SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA2) (All versions), SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA2) (All versions), SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA2) (All versions), SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA2) (All versions), SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA2) (All versions), SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA2) (All versions). Affected devices do not conduct certain validations when interacting with them. This could allow an unauthenticated remote attacker to change time of the device, which means the device could behave differently.

PUBLISHED Reserved 2025-04-16 | Published 2025-11-11 | Updated 2025-11-12 | Assigner siemens

MEDIUM: 6.5CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

HIGH: 7.1CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-306: Missing Authentication for Critical Function

Product status

Default status

unknown

Any version before *

affected

Default status

unknown

Any version before *

affected

Default status

unknown

Any version before *

affected

Default status

unknown

Any version before *

affected

Default status

unknown

Any version before *

affected

Default status

unknown

Any version before *

affected

Default status

unknown

Any version before *

affected

Default status

unknown

Any version before *

affected

Default status

unknown

Any version before *

affected

Default status

unknown

Any version before *

affected

Default status

unknown

Any version before *

affected

Default status

unknown

Any version before *

affected

Default status

unknown

Any version before *

affected

Default status

unknown

Any version before *

affected

Default status

unknown

Any version before *

affected

Default status

unknown

Any version before *

affected

References

cert-portal.siemens.com/productcert/html/ssa-267056.html

cve.org (CVE-2025-40817)

nvd.nist.gov (CVE-2025-40817)

Download JSON