Vulnerability Monitor

CVE-2025-40594


A vulnerability has been identified in SINAMICS G220 V6.4 (All versions < V6.4 HF2), SINAMICS S200 V6.4 (All versions), SINAMICS S210 V6.4 (All versions < V6.4 HF2). The affected devices allow a factory reset to be executed without the required privileges due to improper privilege management as well as manipulation of configuration data because of leaked privileges of previous sessions. This could allow an unauthorized attacker to escalate their privileges.


Published

2025-09-09T09:15:36.743

Last Modified

2025-10-20T19:20:29.113

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 6.3 (MEDIUM)

Weaknesses
  • Type: Primary
    CWE-269
  • Type: Primary
    NVD-CWE-noinfo

Affected Vendors & Products
Type              Vendor   Product                 Version/Range  Vulnerable?
Operating System  siemens  sinamics_g220_firmware  6.4            Yes
Operating System  siemens  sinamics_g220_firmware  6.4            Yes
Hardware          siemens  sinamics_g220           -              No
Operating System  siemens  sinamics_s200_firmware  6.4            Yes
Hardware          siemens  sinamics_s200           -              No
Operating System  siemens  sinamics_s210_firmware  6.4            Yes
Operating System  siemens  sinamics_s210_firmware  6.4            Yes
Hardware          siemens  sinamics_s210           -              No
