Vulnerability in Siemens IEC 1Ph and 3Ph Products Leaves Devices Exposed
CVE-2025-31929

4.1MEDIUM

Key Information:

Vendor: Siemens
Status: Iec 1ph 7.4kw Child Socket; Iec 1ph 7.4kw Child Socket/ Shutter; Iec 1ph 7.4kw Parent Cable 7m; Iec 1ph 7.4kw Parent Cable 7m Incl. Sim
Vendor: CVE Published:; 13 May 2025

What is CVE-2025-31929?

A vulnerability has been discovered in various Siemens IEC 1Ph and 3Ph products which lack an Immutable Root of Trust in M0 Hardware. This deficiency allows an attacker with physical access to the device to exploit the flaw, potentially allowing for unauthorized code execution. The affected devices include multiple models of child sockets, parent cables, and commercial cellular systems, all of which are susceptible to this security risk due to inadequate security measures.

Affected Version(s)

IEC 1Ph 7.4kW Child socket 0

IEC 1Ph 7.4kW Child socket/ shutter 0

IEC 1Ph 7.4kW Parent cable 7m 0

References

https://cert-portal.siemens.com/productcert/html/ssa-5569...

CVSS V4

Score:

4.1

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Physical

Attack Complexity:

High

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 13, 2025
Vulnerability Reserved
Apr 1, 2025