CVE-2025-40759
Essential information
- Published
- 12/08/2025 12:15
- Modified
- 12/08/2025 14:25
- Author
- —
- Creator
- —
- CVSS
- 8.5 HIGH (v3) 8.5 HIGH (v4.0)
- CISA KEV
- No
- CWE
- —
- CVSS vector
-
—
—
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CVSS metrics
- Access vector
- —
- Access complexity
- —
- Authentication
- —
- Confidentiality impact
- —
- Integrity impact
- —
- Availability impact
- —
- Exploitability
- —
- Remediation level
- —
- Report confidence
- —
- Temporal score
- —
- Attack vector
- —
- Attack complexity
- —
- Privileges required
- —
- User interaction
- —
- Scope
- —
- Confidentiality impact
- —
- Integrity impact
- —
- Availability impact
- —
- Exploit code maturity
- —
- Remediation level
- —
- Report confidence
- —
- Temporal score
- —
- Attack vector
- LOCAL
- Attack complexity
- LOW
- Attack requirements
- NONE
- Privileges required
- NONE
- User interaction
- PASSIVE
- Confidentiality (V)
- HIGH
- Confidentiality (S)
- NONE
- Integrity (V)
- HIGH
- Integrity (S)
- NONE
- Availability (V)
- HIGH
- Availability (S)
- NONE
- Exploit maturity
- NOT_DEFINED
Description
A vulnerability has been identified in SIMATIC S7-PLCSIM V17 (All versions), SIMATIC STEP 7 V17 (All versions), SIMATIC STEP 7 V18 (All versions), SIMATIC STEP 7 V19 (All versions < V19 Update 4), SIMATIC STEP 7 V20 (All versions), SIMATIC WinCC V17 (All versions), SIMATIC WinCC V18 (All versions), SIMATIC WinCC V19 (All versions < V19 Update 4), SIMATIC WinCC V20 (All versions), SIMOCODE ES V17 (All versions), SIMOCODE ES V18 (All versions), SIMOCODE ES V19 (All versions), SIMOCODE ES V20 (All versions), SIMOTION SCOUT TIA V5.4 (All versions), SIMOTION SCOUT TIA V5.5 (All versions), SIMOTION SCOUT TIA V5.6 (All versions < V5.6 SP1 HF7), SIMOTION SCOUT TIA V5.7 (All versions), SINAMICS Startdrive V17 (All versions), SINAMICS Startdrive V18 (All versions), SINAMICS Startdrive V19 (All versions), SINAMICS Startdrive V20 (All versions), SIRIUS Safety ES V17 (TIA Portal) (All versions), SIRIUS Safety ES V18 (TIA Portal) (All versions), SIRIUS Safety ES V19 (TIA Portal) (All versions), SIRIUS Safety ES V20 (TIA Portal) (All versions), SIRIUS Soft Starter ES V17 (TIA Portal) (All versions), SIRIUS Soft Starter ES V18 (TIA Portal) (All versions), SIRIUS Soft Starter ES V19 (TIA Portal) (All versions), SIRIUS Soft Starter ES V20 (TIA Portal) (All versions), TIA Portal Cloud V17 (All versions), TIA Portal Cloud V18 (All versions), TIA Portal Cloud V19 (All versions < V5.2.1.1), TIA Portal Cloud V20 (All versions). Affected products do not properly sanitize stored security properties when parsing project files. This could allow an attacker to cause a type confusion and execute arbitrary code within the affected application.
NVD status
- Status
- Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
- Source
- [email protected]
- NVD
- View on NVD
Affected products (CPE)
| Product | CPE |
|---|---|
| siemens / s7-plcsim | cpe:2.3:a:siemens:s7-plcsim:*:*:*:*:*:*:*:* |
| siemens / step 7 | cpe:2.3:a:siemens:step_7:17:*:*:*:*:*:*:* |
| siemens / step 7 | cpe:2.3:a:siemens:step_7:18:*:*:*:*:*:*:* |
| siemens / step 7 | cpe:2.3:a:siemens:step_7:19:<19.4:*:*:*:*:*:* |
| siemens / step 7 | cpe:2.3:a:siemens:step_7:20:*:*:*:*:*:*:* |
| siemens / wincc | cpe:2.3:a:siemens:wincc:17:*:*:*:*:*:*:* |
| siemens / wincc | cpe:2.3:a:siemens:wincc:18:*:*:*:*:*:*:* |
| siemens / wincc | cpe:2.3:a:siemens:wincc:19:<19.4:*:*:*:*:*:* |
| siemens / wincc | cpe:2.3:a:siemens:wincc:20:*:*:*:*:*:*:* |
| siemens / simocode es | cpe:2.3:a:siemens:simocode_es:17:*:*:*:*:*:*:* |
| siemens / simocode es | cpe:2.3:a:siemens:simocode_es:18:*:*:*:*:*:*:* |
| siemens / simocode es | cpe:2.3:a:siemens:simocode_es:19:*:*:*:*:*:*:* |
| siemens / simocode es | cpe:2.3:a:siemens:simocode_es:20:*:*:*:*:*:*:* |
| siemens / simotion scout tia | cpe:2.3:a:siemens:simotion_scout_tia:5.4:*:*:*:*:*:*:* |
| siemens / simotion scout tia | cpe:2.3:a:siemens:simotion_scout_tia:5.5:*:*:*:*:*:*:* |
| siemens / simotion scout tia | cpe:2.3:a:siemens:simotion_scout_tia:5.6:<5.6_sp1_hf7:*:*:*:*:*:* |
| siemens / simotion scout tia | cpe:2.3:a:siemens:simotion_scout_tia:5.7:*:*:*:*:*:*:* |
| siemens / sinamics startdrive | cpe:2.3:a:siemens:sinamics_startdrive:17:*:*:*:*:*:*:* |
| siemens / sinamics startdrive | cpe:2.3:a:siemens:sinamics_startdrive:18:*:*:*:*:*:*:* |
| siemens / sinamics startdrive | cpe:2.3:a:siemens:sinamics_startdrive:19:*:*:*:*:*:*:* |
| siemens / sinamics startdrive | cpe:2.3:a:siemens:sinamics_startdrive:20:*:*:*:*:*:*:* |
| siemens / sirius safety es | cpe:2.3:a:siemens:sirius_safety_es:17:*:*:*:*:*:*:* |
| siemens / sirius safety es | cpe:2.3:a:siemens:sirius_safety_es:18:*:*:*:*:*:*:* |
| siemens / sirius safety es | cpe:2.3:a:siemens:sirius_safety_es:19:*:*:*:*:*:*:* |
| siemens / sirius safety es | cpe:2.3:a:siemens:sirius_safety_es:20:*:*:*:*:*:*:* |
| siemens / sirius soft starter es | cpe:2.3:a:siemens:sirius_soft_starter_es:17:*:*:*:*:*:*:* |
| siemens / sirius soft starter es | cpe:2.3:a:siemens:sirius_soft_starter_es:18:*:*:*:*:*:*:* |
| siemens / sirius soft starter es | cpe:2.3:a:siemens:sirius_soft_starter_es:19:*:*:*:*:*:*:* |
| siemens / sirius soft starter es | cpe:2.3:a:siemens:sirius_soft_starter_es:20:*:*:*:*:*:*:* |
| siemens / tia portal cloud | cpe:2.3:a:siemens:tia_portal_cloud:17:*:*:*:*:*:*:* |
| siemens / tia portal cloud | cpe:2.3:a:siemens:tia_portal_cloud:18:*:*:*:*:*:*:* |
| siemens / tia portal cloud | cpe:2.3:a:siemens:tia_portal_cloud:19:<5.2.1.1:*:*:*:*:*:* |
| siemens / tia portal cloud | cpe:2.3:a:siemens:tia_portal_cloud:20:*:*:*:*:*:*:* |