CVE-2025-40743
Essential information
- Published
- 12/08/2025 12:15
- Modified
- 12/08/2025 14:25
- Author
- —
- Creator
- —
- CVSS
- 8.7 HIGH (v3) 8.7 HIGH (v4.0)
- CISA KEV
- No
- CWE
- —
- CVSS vector
-
—
—
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CVSS metrics
- Access vector
- —
- Access complexity
- —
- Authentication
- —
- Confidentiality impact
- —
- Integrity impact
- —
- Availability impact
- —
- Exploitability
- —
- Remediation level
- —
- Report confidence
- —
- Temporal score
- —
- Attack vector
- —
- Attack complexity
- —
- Privileges required
- —
- User interaction
- —
- Scope
- —
- Confidentiality impact
- —
- Integrity impact
- —
- Availability impact
- —
- Exploit code maturity
- —
- Remediation level
- —
- Report confidence
- —
- Temporal score
- —
- Attack vector
- ADJACENT
- Attack complexity
- LOW
- Attack requirements
- NONE
- Privileges required
- NONE
- User interaction
- NONE
- Confidentiality (V)
- HIGH
- Confidentiality (S)
- NONE
- Integrity (V)
- HIGH
- Integrity (S)
- NONE
- Availability (V)
- LOW
- Availability (S)
- NONE
- Exploit maturity
- NOT_DEFINED
Description
A vulnerability has been identified in SINUMERIK 828D PPU.4 (All versions < V4.95 SP5), SINUMERIK 828D PPU.5 (All versions < V5.25 SP1), SINUMERIK 840D sl (All versions < V4.95 SP5), SINUMERIK MC (All versions < V1.25 SP1), SINUMERIK MC V1.15 (All versions < V1.15 SP5), SINUMERIK ONE (All versions < V6.25 SP1), SINUMERIK ONE V6.15 (All versions < V6.15 SP5). The affected application improperly validates authentication for its VNC access service, allowing access with insufficient password verification.
This could allow an attacker to gain unauthorized remote access and potentially compromise system confidentiality, integrity, or availability.
NVD status
- Status
- Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
- Source
- [email protected]
- NVD
- View on NVD
Affected products (CPE)
| Product | CPE |
|---|---|
| siemens / sinumerik 828d ppu | cpe:2.3:a:siemens:sinumerik_828d_ppu:<=4.95.sp5:*:*:*:*:*:*:* |
| siemens / sinumerik 828d ppu | cpe:2.3:a:siemens:sinumerik_828d_ppu:<=5.25.sp1:*:*:*:*:*:*:* |
| siemens / sinumerik 840d sl | cpe:2.3:a:siemens:sinumerik_840d_sl:<=4.95.sp5:*:*:*:*:*:*:* |
| siemens / sinumerik mc | cpe:2.3:a:siemens:sinumerik_mc:<=1.25.sp1:*:*:*:*:*:*:* |
| siemens / sinumerik mc v1.15 | cpe:2.3:a:siemens:sinumerik_mc_v1.15:<=1.15.sp5:*:*:*:*:*:*:* |
| siemens / sinumerik one | cpe:2.3:a:siemens:sinumerik_one:<=6.25.sp1:*:*:*:*:*:*:* |
| siemens / sinumerik one v6.15 | cpe:2.3:a:siemens:sinumerik_one_v6.15:<=6.15.sp5:*:*:*:*:*:*:* |