5.5 / 10
MEDIUM
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Description
A vulnerability has been identified in SIMOTION SCOUT TIA V5.4 (All versions), SIMOTION SCOUT TIA V5.5 (All versions), SIMOTION SCOUT TIA V5.6 (All versions < V5.6 SP1 HF7), SIMOTION SCOUT TIA V5.7 (All versions < V5.7 SP1 HF1), SIMOTION SCOUT V5.4 (All versions), SIMOTION SCOUT V5.5 (All versions), SIMOTION SCOUT V5.6 (All versions < V5.6 SP1 HF7), SIMOTION SCOUT V5.7 (All versions < V5.7 SP1 HF1), SINAMICS STARTER V5.5 (All versions), SINAMICS STARTER V5.6 (All versions), SINAMICS STARTER V5.7 (All versions). The affected application contains an XML External Entity Injection (XXE) vulnerability while parsing specially crafted XML files. This could allow an attacker to read arbitrary files in the system.
AI Analysis
A vulnerability has been identified in SIMOTION SCOUT TIA and SINAMICS STARTER products: the affected applications contain an XML External Entity Injection (XXE) vulnerability while parsing specially crafted XML files. This could allow an attacker to read arbitrary files in the system.
Basic Information
ID
CVE-2025-40584
Source
siemens
Published
Aug 12, 2025 at 11:17
Affected Product
Vendor
Siemens
Product
SIMOTION SCOUT TIA V5.4
Affected Versions
Siemens SIMOTION SCOUT TIA V5.4 0
Siemens SIMOTION SCOUT TIA V5.5 0
Siemens SIMOTION SCOUT TIA V5.6 0
Siemens SIMOTION SCOUT TIA V5.7 0
Siemens SIMOTION SCOUT V5.4 0
Siemens SIMOTION SCOUT V5.5 0
Siemens SIMOTION SCOUT V5.6 0
Siemens SIMOTION SCOUT V5.7 0
Siemens SINAMICS STARTER V5.5 0
Siemens SINAMICS STARTER V5.6 0
Siemens SINAMICS STARTER V5.7 0
CWE Classification
AI Assessment
AI Score
5.5 / 10
AI Severity
MEDIUM
Vendor
Siemens
Product
SIMOTION SCOUT TIA, SIMOTION SCOUT, SINAMICS STARTER
Version
V5.4, V5.5, V5.6, V5.7