CVE-2025-40815_CVE-2025-40815

7.2 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Description

A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA2) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA2) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA2) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA2) (All versions), LOGO! 24CE (6ED1052-1CC08-0BA2) (All versions), LOGO! 24CEo (6ED1052-2CC08-0BA2) (All versions), LOGO! 24RCE (6ED1052-1HB08-0BA2) (All versions), LOGO! 24RCEo (6ED1052-2HB08-0BA2) (All versions), SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA2) (All versions), SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA2) (All versions), SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA2) (All versions), SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA2) (All versions), SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA2) (All versions), SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA2) (All versions), SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA2) (All versions), SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA2) (All versions). Affected devices do not properly validate the structure of TCP packets in several methods. This could allow an attacker to cause buffer overflows, get control over the instruction counter and run custom code.

Basic Information

ID CVE-2025-40815

Source siemens

Published Nov 11, 2025 at 20:20

Affected Product

Vendor Siemens

Product LOGO! 12/24RCE

Affected Versions Siemens LOGO! 12/24RCE 0
Siemens LOGO! 12/24RCEo 0
Siemens LOGO! 230RCE 0
Siemens LOGO! 230RCEo 0
Siemens LOGO! 24CE 0
Siemens LOGO! 24CEo 0
Siemens LOGO! 24RCE 0
Siemens LOGO! 24RCEo 0
Siemens SIPLUS LOGO! 12/24RCE 0
Siemens SIPLUS LOGO! 12/24RCEo 0
Siemens SIPLUS LOGO! 230RCE 0
Siemens SIPLUS LOGO! 230RCEo 0
Siemens SIPLUS LOGO! 24CE 0
Siemens SIPLUS LOGO! 24CEo 0
Siemens SIPLUS LOGO! 24RCE 0
Siemens SIPLUS LOGO! 24RCEo 0

CWE Classification

CWE-120

References

cert-portal.siemens.com /productcert/html/ssa-267056.html

{
    "lastseen": "",
    "description": "A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA2) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA2) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA2) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA2) (All versions), LOGO! 24CE (6ED1052-1CC08-0BA2) (All versions), LOGO! 24CEo (6ED1052-2CC08-0BA2) (All versions), LOGO! 24RCE (6ED1052-1HB08-0BA2) (All versions), LOGO! 24RCEo (6ED1052-2HB08-0BA2) (All versions), SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA2) (All versions), SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA2) (All versions), SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA2) (All versions), SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA2) (All versions), SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA2) (All versions), SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA2) (All versions), SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA2) (All versions), SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA2) (All versions). Affected devices do not properly validate the structure of TCP packets in several methods. This could allow an attacker to cause buffer overflows, get control over the instruction counter and run custom code.",
    "published": "2025-11-11T20:20:37.904Z",
    "modified": "2025-11-11T20:20:37.904Z",
    "type": "cve",
    "title": "CVE-2025-40815",
    "source": "siemens",
    "references": "https://cert-portal.siemens.com/productcert/html/ssa-267056.html",
    "id": "CVE-2025-40815",
    "bulletinFamily": "",
    "cwe": [
        "CWE-120"
    ],
    "cvelist": null,
    "sourceData": "Siemens LOGO! 12/24RCE 0\nSiemens LOGO! 12/24RCEo 0\nSiemens LOGO! 230RCE 0\nSiemens LOGO! 230RCEo 0\nSiemens LOGO! 24CE 0\nSiemens LOGO! 24CEo 0\nSiemens LOGO! 24RCE 0\nSiemens LOGO! 24RCEo 0\nSiemens SIPLUS LOGO! 12/24RCE 0\nSiemens SIPLUS LOGO! 12/24RCEo 0\nSiemens SIPLUS LOGO! 230RCE 0\nSiemens SIPLUS LOGO! 230RCEo 0\nSiemens SIPLUS LOGO! 24CE 0\nSiemens SIPLUS LOGO! 24CEo 0\nSiemens SIPLUS LOGO! 24RCE 0\nSiemens SIPLUS LOGO! 24RCEo 0",
    "sourceHref": "",
    "cvss": {
        "score": 7.2,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "LOGO! 12/24RCE",
    "version": "0",
    "vendor": "Siemens",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}