Input Validation Flaw in SIMATIC CN 4100 REST API by Siemens
CVE-2025-40937

8.7 HIGH

Key Information:

Vendor: Siemens
CVE Published: 9 December 2025

What is CVE-2025-40937?

The SIMATIC CN 4100 application in versions prior to V4.0.1 does not adequately validate input parameters in its REST API. An authenticated attacker can manipulate input arguments, potentially allowing the execution of arbitrary code with limited privileges. Organizations using this application are advised to assess their systems and apply necessary updates.

Affected Version(s)

SIMATIC CN 4100 0

CVSS V4

Score: 8.7
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
