CVE-2025-40594

6.9MEDIUM

Key Information:

Vendor: Siemens
Status: Sinamics G220 V6.4; Sinamics S200 V6.4; Sinamics S210 V6.4
Vendor: CVE Published:; 9 September 2025

What is CVE-2025-40594?

A vulnerability has been identified in SINAMICS G220 V6.4 (All versions < V6.4 HF2), SINAMICS S200 V6.4 (All versions), SINAMICS S210 V6.4 (All versions < V6.4 HF2). The affected devices allow a factory reset to be executed without the required privileges due to improper privilege management as well as manipulation of configuration data because of leaked privileges of previous sessions. This could allow an unauthorized attacker to escalate their privileges.

Affected Version(s)

SINAMICS G220 V6.4 0

SINAMICS S200 V6.4 0

SINAMICS S210 V6.4 0

References

https://cert-portal.siemens.com/productcert/html/ssa-0276...

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

Low

Attack Vector:

Local

Attack Complexity:

High

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 9, 2025
Vulnerability Reserved
Apr 16, 2025

Siemens

What is CVE-2025-40594?

Affected Version(s)

References

CVSS V4

Timeline