Improper Input Validation in Siemens Devices
CVE-2025-40943

9.4CRITICAL

Key Information:

Vendor: Siemens
Status: Simatic Drive Controller Cpu 1504d Tf; Simatic Drive Controller Cpu 1507d Tf; Simatic Et 200sp Cpu 1510sp F-1 Pn; Simatic Et 200sp Cpu 1510sp-1 Pn
Vendor: CVE Published:; 10 March 2026

What is CVE-2025-40943?

A vulnerability exists in Siemens devices where improper sanitization of trace file contents can be exploited. An attacker may leverage social engineering techniques to convince a legitimate user to import a specially crafted trace file, potentially allowing the attacker to execute arbitrary code within the device environment.

Affected Version(s)

SIMATIC Drive Controller CPU 1504D TF 0

SIMATIC Drive Controller CPU 1507D TF 0

SIMATIC ET 200SP CPU 1510SP F-1 PN 0

References

https://cert-portal.siemens.com/productcert/html/ssa-4522...

CVSS V4

Score:

9.4

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 10, 2026
Vulnerability Reserved
Apr 16, 2025

CVE-2025-40943 Data

JSON