CVE-2025-40818 | THREATINT

Description

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP4). Affected applications contain private SSL/TLS keys on the server that are not properly protected allowing any user with server access to read these keys. This could allow an authenticated attacker to impersonate the server potentially enabling man-in-the-middle, traffic decryption or unauthorized access to services that trust these certificates.

PUBLISHED Reserved 2025-04-16 | Published 2025-12-09 | Updated 2025-12-09 | Assigner siemens

LOW: 3.3CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Problem types

CWE-732: Incorrect Permission Assignment for Critical Resource

Product status

Default status

unknown

Any version before V3.2 SP4

affected

References

cert-portal.siemens.com/productcert/html/ssa-626856.html

cve.org (CVE-2025-40818)

nvd.nist.gov (CVE-2025-40818)

Download JSON