216.73.217.86

CVE-2025-40584

· Published 12/08/2025 12:15 · Modified 12/08/2025 14:25

Labels: CVE-2025-40584 2025-08-12CVE-2025-40584CWE-611[email protected]

Essential information

Published
12/08/2025 12:15
Modified
12/08/2025 14:25
Author
Creator
CVSS
6.8 MEDIUM (v3) 6.8 MEDIUM (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

A vulnerability has been identified in SIMOTION SCOUT TIA V5.4 (All versions), SIMOTION SCOUT TIA V5.5 (All versions), SIMOTION SCOUT TIA V5.6 (All versions < V5.6 SP1 HF7), SIMOTION SCOUT TIA V5.7 (All versions < V5.7 SP1 HF1), SIMOTION SCOUT V5.4 (All versions), SIMOTION SCOUT V5.5 (All versions), SIMOTION SCOUT V5.6 (All versions < V5.6 SP1 HF7), SIMOTION SCOUT V5.7 (All versions < V5.7 SP1 HF1), SINAMICS STARTER V5.5 (All versions), SINAMICS STARTER V5.6 (All versions), SINAMICS STARTER V5.7 (All versions). The affected application contains a XML External Entity Injection (XXE) vulnerability while parsing specially crafted XML files. This could allow an attacker to read arbitrary files in the system.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
siemens / simotion scout tia cpe:2.3:a:siemens:simotion_scout_tia:5.4:*:*:*:*:*:*:*
siemens / simotion scout tia cpe:2.3:a:siemens:simotion_scout_tia:5.5:*:*:*:*:*:*:*
siemens / simotion scout tia cpe:2.3:a:siemens:simotion_scout_tia:5.6:<5.6:sp1_hf7:*:*:*:*:*:*
siemens / simotion scout tia cpe:2.3:a:siemens:simotion_scout_tia:5.7:<5.7:sp1_hf1:*:*:*:*:*:*
siemens / sinamics starter cpe:2.3:a:siemens:sinamics_starter:5.5:*:*:*:*:*:*:*
siemens / sinamics starter cpe:2.3:a:siemens:sinamics_starter:5.6:*:*:*:*:*:*:*
siemens / sinamics starter cpe:2.3:a:siemens:sinamics_starter:5.7:*:*:*:*:*:*:*

References