Unauthorized Access Vulnerability in SINEMA Remote Connect Server by Siemens
CVE-2025-40818

3.3LOW

Key Information:

Vendor: Siemens
Status: Sinema Remote Connect Server
Vendor: CVE Published:; 9 December 2025

What is CVE-2025-40818?

A vulnerability has been discovered in the SINEMA Remote Connect Server, where private SSL/TLS keys stored on the server are inadequately protected. This issue allows authenticated users with access to the server to read these sensitive keys. Consequently, this exposure poses risks such as unauthorized impersonation of the server, enabling man-in-the-middle attacks, traffic decryption, and unauthorized access to services relying on those certificates.

Affected Version(s)

SINEMA Remote Connect Server 0

References

https://cert-portal.siemens.com/productcert/html/ssa-6268...

CVSS V3.1

Score:

3.3

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 9, 2025
Vulnerability Reserved
Apr 16, 2025

JSON