Denial of Service Vulnerability in SIMATIC CN 4100 by Siemens
CVE-2025-40939

5.1 MEDIUM

Key Information:

Vendor: Siemens
CVE Published: 9 December 2025

What is CVE-2025-40939?

A vulnerability exists in the SIMATIC CN 4100 device, affecting all versions prior to 4.0.1. The device exposes a USB port that permits unauthenticated connections. An attacker with physical access could exploit this weakness to forcibly reboot the device, potentially leading to a denial of service condition. Users should ensure their systems are updated to mitigate this risk. For more details, see the official Siemens security advisory.

Affected Version(s)

SIMATIC CN 4100: all versions prior to 4.0.1

CVSS V4

Score: 5.1
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: High
Attack Vector: Physical
Attack Complexity: Low
Attack Requirements: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
