Credential Derivation Vulnerability in Blueplanet Devices by Siemens
CVE-2025-40946

7.2 HIGH

What is CVE-2025-40946?

A vulnerability has been detected in several Siemens Blueplanet devices, which use a CRC16-based algorithm to generate Technical Service credentials. This flaw enables an attacker to derive valid credentials from a device's serial number, potentially leading to unauthorized access. Affected devices include multiple models and versions of the Blueplanet series, and users should give the issue urgent attention to mitigate the associated risks.

Affected Version(s)

blueplanet 100 NX3 M8 0

blueplanet 100 TL3 GEN2 0

blueplanet 105 TL3 0

CVSS V4

Score: 7.2
Severity: HIGH
Confidentiality: Low
Integrity: High
Availability: High
Attack Vector: Adjacent Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
