Information Disclosure Vulnerability in SIMATIC CN 4100 by Siemens
CVE-2025-40938

9.2 CRITICAL

Key Information:

Vendor: Siemens
CVE Published: 9 December 2025

What is CVE-2025-40938?

A security flaw exists in the SIMATIC CN 4100, where sensitive information is improperly stored in the firmware. This exposure may allow unauthorized individuals to gain access to confidential data, undermining the device’s confidentiality, integrity, and availability. Users of affected versions are urged to update their devices to the latest firmware to mitigate potential risks.

Affected Version(s)

SIMATIC CN 4100 0

CVSS V4

Score: 9.2
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
