Improper Privilege Management in SINAMICS Devices by Siemens
CVE-2025-40594

6.9MEDIUM

Key Information:

Vendor: Siemens
Status: Sinamics G220 V6.4; Sinamics S200 V6.4; Sinamics S210 V6.4
Vendor: CVE Published:; 9 September 2025

What is CVE-2025-40594?

A vulnerability in Siemens SINAMICS devices allows unauthorized factory resets due to inadequate privilege management. The issue arises from leaked session privileges, enabling attackers to manipulate configuration data and potentially escalate their privileges. This poses significant risks to the integrity and security of industrial control systems.

Affected Version(s)

SINAMICS G220 V6.4 0

SINAMICS S200 V6.4 0

SINAMICS S210 V6.4 0

References

https://cert-portal.siemens.com/productcert/html/ssa-0276...

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

Low

Attack Vector:

Local

Attack Complexity:

High

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 9, 2025
Vulnerability Reserved
Apr 16, 2025

JSON