Session Identifier Exposure in SIPROTEC 5 Products by Siemens
CVE-2025-40742

6MEDIUM

Key Information:

Vendor: Siemens
Status: Siprotec 5 6md84 (cp300); Siprotec 5 6md85 (cp300); Siprotec 5 6md86 (cp300); Siprotec 5 6md89 (cp300)
Vendor: CVE Published:; 8 July 2025

What is CVE-2025-40742?

A session identifier exposure vulnerability has been identified in various SIPROTEC 5 products by Siemens. The affected devices improperly manage session identifiers within URL requests for specific functionalities. This oversight allows attackers to potentially access sensitive session information from browser histories and logs, leading to unauthorized retrieval of critical data and services.

Affected Version(s)

SIPROTEC 5 6MD84 (CP300) 0

SIPROTEC 5 6MD85 (CP300) 0

SIPROTEC 5 6MD86 (CP300) 0

References

https://cert-portal.siemens.com/productcert/html/ssa-9046...

CVSS V4

Score:

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 8, 2025
Vulnerability Reserved
Apr 16, 2025