Authentication Flaw in Siemens SINUMERIK Products
CVE-2025-40743

8.7 HIGH

What is CVE-2025-40743?

A significant security vulnerability has been discovered in several versions of Siemens SINUMERIK products. The flaw stems from improper validation of authentication credentials by the VNC access service: password verification is inadequate, so unauthorized users can access affected systems. As a result, attackers could potentially gain remote access, putting system confidentiality, integrity, and availability at risk. Users should update to the latest software versions to mitigate this risk.

Affected Version(s)

SINUMERIK 828D PPU.4 0

SINUMERIK 828D PPU.5 0

SINUMERIK 840D sl 0

CVSS V4

Score: 8.7
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: Low
Attack Vector: Adjacent Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
