CVE-2025-40743_CVE-2025-40743

8.3 / 10

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

Description

A vulnerability has been identified in SINUMERIK 828D PPU.4 (All versions < V4.95 SP5), SINUMERIK 828D PPU.5 (All versions < V5.25 SP1), SINUMERIK 840D sl (All versions < V4.95 SP5), SINUMERIK MC (All versions < V1.25 SP1), SINUMERIK MC V1.15 (All versions < V1.15 SP5), SINUMERIK ONE (All versions < V6.25 SP1), SINUMERIK ONE V6.15 (All versions < V6.15 SP5). The affected application improperly validates authentication for its VNC access service, allowing access with insufficient password verification.
This could allow an attacker to gain unauthorized remote access and potentially compromise system confidentiality, integrity, or availability.

AI Analysis

The affected application improperly validates authentication for its VNC access service, allowing access with insufficient password verification. This could allow an attacker to gain unauthorized remote access and potentially compromise system confidentiality, integrity, or availability.

Basic Information

ID CVE-2025-40743

Source siemens

Published Aug 12, 2025 at 11:17

Affected Product

Vendor Siemens

Product SINUMERIK 828D PPU.4

Affected Versions Siemens SINUMERIK 828D PPU.4 0
Siemens SINUMERIK 828D PPU.5 0
Siemens SINUMERIK 840D sl 0
Siemens SINUMERIK MC 0
Siemens SINUMERIK MC V1.15 0
Siemens SINUMERIK ONE 0
Siemens SINUMERIK ONE V6.15 0

CWE Classification

CWE-288

AI Assessment

AI Score 8.3 / 10

AI Severity HIGH

Vendor Siemens

Product SINUMERIK

Version 828D PPU.4 (All versions < V4.95 SP5), 828D PPU.5 (All versions < V5.25 SP1), 840D sl (All versions < V4.95 SP5), MC (All versions < V1.25 SP1), MC V1.15 (All versions < V1.15 SP5), ONE (All versions < V6.25 SP1), ONE V6.15 (All versions < V6.15 SP5)

References

cert-portal.siemens.com /productcert/html/ssa-177847.html

{
    "lastseen": "",
    "description": "A vulnerability has been identified in SINUMERIK 828D PPU.4 (All versions < V4.95 SP5), SINUMERIK 828D PPU.5 (All versions < V5.25 SP1), SINUMERIK 840D sl (All versions < V4.95 SP5), SINUMERIK MC (All versions < V1.25 SP1), SINUMERIK MC V1.15 (All versions < V1.15 SP5), SINUMERIK ONE (All versions < V6.25 SP1), SINUMERIK ONE V6.15 (All versions < V6.15 SP5). The affected application improperly validates authentication for its VNC access service, allowing access with insufficient password verification.\r\nThis could allow an attacker to gain unauthorized remote access and potentially compromise system confidentiality, integrity, or availability.",
    "published": "2025-08-12T11:17:03.997Z",
    "modified": "2025-08-12T11:17:03.997Z",
    "type": "cve",
    "title": "CVE-2025-40743",
    "source": "siemens",
    "references": "https://cert-portal.siemens.com/productcert/html/ssa-177847.html",
    "id": "CVE-2025-40743",
    "bulletinFamily": "",
    "cwe": [
        "CWE-288"
    ],
    "cvelist": null,
    "sourceData": "Siemens SINUMERIK 828D PPU.4 0\nSiemens SINUMERIK 828D PPU.5 0\nSiemens SINUMERIK 840D sl 0\nSiemens SINUMERIK MC 0\nSiemens SINUMERIK MC V1.15 0\nSiemens SINUMERIK ONE 0\nSiemens SINUMERIK ONE V6.15 0",
    "sourceHref": "",
    "cvss": {
        "score": 8.3,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "SINUMERIK 828D PPU.4",
    "version": "0",
    "vendor": "Siemens",
    "ai_description": "The affected application improperly validates authentication for its VNC access service, allowing access with insufficient password verification. This could allow an attacker to gain unauthorized remote access and potentially compromise system confidentiality, integrity, or availability.",
    "ai_severity": "HIGH",
    "ai_vendor": "Siemens",
    "ai_product": "SINUMERIK",
    "ai_version": "828D PPU.4 (All versions < V4.95 SP5), 828D PPU.5 (All versions < V5.25 SP1), 840D sl (All versions < V4.95 SP5), MC (All versions < V1.25 SP1), MC V1.15 (All versions < V1.15 SP5), ONE (All versions < V6.25 SP1), ONE V6.15 (All versions < V6.15 SP5)",
    "ai_score": 8.3
}