CVE-2025-40743
BaseFortify

Publication date: 2025-08-12

Last updated on: 2025-08-12

Assigner: Siemens AG

Description
A vulnerability has been identified in SINUMERIK 828D PPU.4 (All versions < V4.95 SP5), SINUMERIK 828D PPU.5 (All versions < V5.25 SP1), SINUMERIK 840D sl (All versions < V4.95 SP5), SINUMERIK MC (All versions < V1.25 SP1), SINUMERIK MC V1.15 (All versions < V1.15 SP5), SINUMERIK ONE (All versions < V6.25 SP1), SINUMERIK ONE V6.15 (All versions < V6.15 SP5). The affected application improperly validates authentication for its VNC access service, allowing access with insufficient password verification. This could allow an attacker to gain unauthorized remote access and potentially compromise system confidentiality, integrity, or availability.
Meta Information
Published: 2025-08-12
Last Modified: 2025-08-12
Generated: 2026-05-27
AI Q&A: 2025-08-12
EPSS Evaluated: 2026-05-25
Affected Vendors & Products
Showing 7 associated CPEs
Vendor Product Version / Range
siemens sinumerik_mc 1.25_sp1
siemens sinumerik_840d_sl 4.95_sp5
siemens sinumerik_828d_ppu 5.25_sp1
siemens sinumerik_one 6.15_sp5
siemens sinumerik_one 6.25_sp1
siemens sinumerik_828d_ppu 4.95_sp5
siemens sinumerik_mc 1.15_sp5
CWE ID Description
CWE-288 The product requires authentication, but the product has an alternate path or channel that does not require authentication.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability affects Siemens SINUMERIK controllers, whose VNC access service improperly validates authentication. Because password verification is insufficient, an attacker can gain unauthorized remote access to the system. It is classified as an authentication bypass (CWE-288): attackers can bypass the normal authentication controls and access the system remotely without proper credentials. [1]


How can this vulnerability impact me?

The vulnerability can allow an attacker to gain unauthorized remote access to affected SINUMERIK systems, potentially compromising the confidentiality, integrity, and availability of the system. This means sensitive data could be exposed or altered, and system operations could be disrupted or controlled by unauthorized parties. [1]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

Detection can involve checking if affected SINUMERIK devices are running vulnerable versions prior to the fixed releases (e.g., versions prior to V4.95 SP5 for SINUMERIK 828D PPU.4). Additionally, scanning the network for open VNC ports on these devices can help identify potential exposure. Specific commands are not provided in the resources, but typical network scanning tools like nmap can be used to detect open VNC ports (usually TCP 5900). Verifying the device software version via device management interfaces or Siemens support tools is recommended. [1]


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include applying the available software updates to the fixed versions listed in the advisory (e.g., update SINUMERIK 828D PPU.4 to V4.95 SP5 or later). Workarounds include closing the VNC port on X130 via HMI settings, setting a VNC password on X120 and X130 devices, and changing the TCU.ini configuration parameter "ExternalViewerReqTimeoutMode" to 0. Additionally, implementing defense-in-depth strategies, restricting network access to affected devices, and following Siemens' Industrial Security operational guidelines are strongly recommended. [1]

