Information Exposure Vulnerability in SIMATIC CN 4100 by Siemens
CVE-2025-40941

5.3MEDIUM

Key Information:

Vendor: Siemens
Status: Simatic Cn 4100
Vendor: CVE Published:; 9 December 2025

What is CVE-2025-40941?

A vulnerability has been found within the SIMATIC CN 4100, affecting all versions prior to V4.0.1. This issue results in the exposure of sensitive server information through its response messages. As a result, an attacker with access to the network could exploit this vulnerability to gather critical data, potentially facilitating targeted attacks on the system. It is essential for organizations using this product to prioritize updates to safeguard their network security.

Affected Version(s)

SIMATIC CN 4100 0

References

https://cert-portal.siemens.com/productcert/html/ssa-4166...

CVSS V4

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 9, 2025
Vulnerability Reserved
Apr 16, 2025

JSON