Improper Privilege Management in SINAMICS Devices by Siemens
CVE-2025-40594

6.9MEDIUM

What is CVE-2025-40594?

A vulnerability in Siemens SINAMICS devices allows unauthorized factory resets due to inadequate privilege management. The issue arises from leaked session privileges, enabling attackers to manipulate configuration data and potentially escalate their privileges. This poses significant risks to the integrity and security of industrial control systems.

Affected Version(s)

SINAMICS G220 V6.4 0

SINAMICS S200 V6.4 0

SINAMICS S210 V6.4 0

References

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
Low
Attack Vector:
Local
Attack Complexity:
High
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.