CVE-2025-40817_CVE-2025-40817

6.5 / 10

MEDIUM

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Description

A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA2) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA2) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA2) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA2) (All versions), LOGO! 24CE (6ED1052-1CC08-0BA2) (All versions), LOGO! 24CEo (6ED1052-2CC08-0BA2) (All versions), LOGO! 24RCE (6ED1052-1HB08-0BA2) (All versions), LOGO! 24RCEo (6ED1052-2HB08-0BA2) (All versions), SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA2) (All versions), SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA2) (All versions), SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA2) (All versions), SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA2) (All versions), SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA2) (All versions), SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA2) (All versions), SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA2) (All versions), SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA2) (All versions). Affected devices do not conduct certain validations when interacting with them. This could allow an unauthenticated remote attacker to change time of the device, which means the device could behave differently.

Basic Information

ID CVE-2025-40817

Source siemens

Published Nov 11, 2025 at 20:20

Affected Product

Vendor Siemens

Product LOGO! 12/24RCE

Affected Versions Siemens LOGO! 12/24RCE 0
Siemens LOGO! 12/24RCEo 0
Siemens LOGO! 230RCE 0
Siemens LOGO! 230RCEo 0
Siemens LOGO! 24CE 0
Siemens LOGO! 24CEo 0
Siemens LOGO! 24RCE 0
Siemens LOGO! 24RCEo 0
Siemens SIPLUS LOGO! 12/24RCE 0
Siemens SIPLUS LOGO! 12/24RCEo 0
Siemens SIPLUS LOGO! 230RCE 0
Siemens SIPLUS LOGO! 230RCEo 0
Siemens SIPLUS LOGO! 24CE 0
Siemens SIPLUS LOGO! 24CEo 0
Siemens SIPLUS LOGO! 24RCE 0
Siemens SIPLUS LOGO! 24RCEo 0

CWE Classification

CWE-306

References

cert-portal.siemens.com /productcert/html/ssa-267056.html

{
    "lastseen": "",
    "description": "A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA2) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA2) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA2) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA2) (All versions), LOGO! 24CE (6ED1052-1CC08-0BA2) (All versions), LOGO! 24CEo (6ED1052-2CC08-0BA2) (All versions), LOGO! 24RCE (6ED1052-1HB08-0BA2) (All versions), LOGO! 24RCEo (6ED1052-2HB08-0BA2) (All versions), SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA2) (All versions), SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA2) (All versions), SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA2) (All versions), SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA2) (All versions), SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA2) (All versions), SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA2) (All versions), SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA2) (All versions), SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA2) (All versions). Affected devices do not conduct certain validations when interacting with them. This could allow an unauthenticated remote attacker to change time of the device, which means the device could behave differently.",
    "published": "2025-11-11T20:20:42.082Z",
    "modified": "2025-11-11T20:20:42.082Z",
    "type": "cve",
    "title": "CVE-2025-40817",
    "source": "siemens",
    "references": "https://cert-portal.siemens.com/productcert/html/ssa-267056.html",
    "id": "CVE-2025-40817",
    "bulletinFamily": "",
    "cwe": [
        "CWE-306"
    ],
    "cvelist": null,
    "sourceData": "Siemens LOGO! 12/24RCE 0\nSiemens LOGO! 12/24RCEo 0\nSiemens LOGO! 230RCE 0\nSiemens LOGO! 230RCEo 0\nSiemens LOGO! 24CE 0\nSiemens LOGO! 24CEo 0\nSiemens LOGO! 24RCE 0\nSiemens LOGO! 24RCEo 0\nSiemens SIPLUS LOGO! 12/24RCE 0\nSiemens SIPLUS LOGO! 12/24RCEo 0\nSiemens SIPLUS LOGO! 230RCE 0\nSiemens SIPLUS LOGO! 230RCEo 0\nSiemens SIPLUS LOGO! 24CE 0\nSiemens SIPLUS LOGO! 24CEo 0\nSiemens SIPLUS LOGO! 24RCE 0\nSiemens SIPLUS LOGO! 24RCEo 0",
    "sourceHref": "",
    "cvss": {
        "score": 6.5,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "LOGO! 12/24RCE",
    "version": "0",
    "vendor": "Siemens",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}