CVE-2025-40937


A vulnerability has been identified in SIMATIC CN 4100 (All versions < V4.0.1). The affected application does not properly validate input parameters in its REST API, resulting in improper handling of unexpected arguments. This could allow an authenticated attacker to execute arbitrary code with limited privileges.


Published

2025-12-09T16:17:47.260

Last Modified

2025-12-10T21:37:50.663

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 8.3 (HIGH)

Weaknesses
  • Type: Primary
    CWE-77

Affected Vendors & Products
Type | Vendor | Product | Version/Range | Vulnerable?
Operating System | siemens | simatic_cn_4100_firmware | < 4.0.1 | Yes
Hardware | siemens | simatic_cn_4100 | - | No

References