Improper Privilege Management in SINAMICS Devices by Siemens
CVE-2025-40594
6.9 MEDIUM
Key Information:
- Vendor: Siemens
- CVE Published: 9 September 2025
What is CVE-2025-40594?
A vulnerability in Siemens SINAMICS devices allows unauthorized factory resets due to inadequate privilege management. The issue arises from leaked session privileges, enabling attackers to manipulate configuration data and potentially escalate their privileges. This poses significant risks to the integrity and security of industrial control systems.
Affected Version(s)
SINAMICS G220 V6.4 0
SINAMICS S200 V6.4 0
SINAMICS S210 V6.4 0