216.73.217.22

CVE-2025-40771

· Published 14/10/2025 10:15 · Modified 14/10/2025 19:36

Labels: CVE-2025-40771 2025-10-14CVE-2025-40771CWE-306[email protected]

Essential information

Published
14/10/2025 10:15
Modified
14/10/2025 19:36
Author
Creator
CVSS
9.3 CRITICAL (v3) 9.3 CRITICAL (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

A vulnerability has been identified in SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) (All versions < V2.4.24), SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0) (All versions < V2.4.24), SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) (All versions < V2.4.24), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0) (All versions < V2.4.24), SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0) (All versions < V2.4.24), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0) (All versions < V2.4.24). Affected devices do not properly authenticate configuration connections. This could allow an unauthenticated remote attacker to access the configuration data.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
siemens / simatic cp 1542sp-1 cpe:2.3:a:siemens:simatic_cp_1542sp-1:<2.4.24>*:*:*:*:*:*:*
siemens / simatic cp 1542sp-1 irc cpe:2.3:a:siemens:simatic_cp_1542sp-1_irc:<2.4.24>*:*:*:*:*:*:*
siemens / simatic cp 1543sp-1 cpe:2.3:a:siemens:simatic_cp_1543sp-1:<2.4.24>*:*:*:*:*:*:*
siemens / siplus et 200sp cp 1542sp-1 irc tx rail cpe:2.3:a:siemens:siplus_et_200sp_cp_1542sp-1_irc_tx_rail:<2.4.24>*:*:*:*:*:*:*
siemens / siplus et 200sp cp 1543sp-1 isec cpe:2.3:a:siemens:siplus_et_200sp_cp_1543sp-1_isec:<2.4.24>*:*:*:*:*:*:*
siemens / siplus et 200sp cp 1543sp-1 isec tx rail cpe:2.3:a:siemens:siplus_et_200sp_cp_1543sp-1_isec_tx_rail:<2.4.24>*:*:*:*:*:*:*

References