Authentication Bypass in SIRIUS Safety Relays and Modular Safety System by Siemens
CVE-2025-24009

8.2HIGH

Key Information:

Vendor: Siemens
Status: Sirius 3rk3 Modular Safety System (mss); Sirius Safety Relays 3sk2
Vendor: CVE Published:; 13 May 2025

What is CVE-2025-24009?

A security issue has been discovered in SIRIUS 3RK3 Modular Safety System and SIRIUS Safety Relays 3SK2, where critical resources can be accessed without authentication. This vulnerability allows individuals with network access to retrieve sensitive information, including obfuscated safety passwords, potentially compromising the safety and integrity of industrial systems.

Affected Version(s)

SIRIUS 3RK3 Modular Safety System (MSS) 0

SIRIUS Safety Relays 3SK2 0

References

https://cert-portal.siemens.com/productcert/html/ssa-2227...

CVSS V4

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 13, 2025
Vulnerability Reserved
Jan 16, 2025