CVE-2025-40594
BaseFortify

Publication date: 2025-09-09

Last updated on: 2026-03-10

Assigner: Siemens AG

Description
A vulnerability has been identified in SINAMICS G220 V6.4 (All versions < V6.4 HF2), SINAMICS S200 V6.4 (All versions < V6.4 HF7), SINAMICS S210 V6.4 (All versions < V6.4 HF2). The affected devices allow a factory reset to be executed without the required privileges due to improper privilege management as well as manipulation of configuration data because of leaked privileges of previous sessions. This could allow an unauthorized attacker to escalate their privileges.
Meta Information
Published: 2025-09-09
Last Modified: 2026-03-10
Generated: 2026-05-07
AI Q&A: 2025-09-09
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 8 associated CPEs
Vendor    Product                   Version / Range
siemens   sinamics_g220_firmware    6.4
siemens   sinamics_g220_firmware    6.4
siemens   sinamics_g220             *
siemens   sinamics_s200_firmware    6.4
siemens   sinamics_s200             *
siemens   sinamics_s210_firmware    6.4
siemens   sinamics_s210_firmware    6.4
siemens   sinamics_s210             *
CWE ID            Description
NVD-CWE-noinfo
CWE-269           The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability affects Siemens SINAMICS drive series (G220, S210, and S200 models) and is due to improper privilege management. It allows unauthorized users to perform a factory reset without the required privileges and manipulate configuration data because privileges from previous sessions are leaked. This leads to privilege escalation, meaning an attacker can gain higher access rights than intended. [1]


How can this vulnerability impact me?

The vulnerability can allow an unauthorized attacker to escalate their privileges on affected Siemens SINAMICS devices. This means they could execute a factory reset and manipulate configuration data without proper authorization, potentially disrupting device operation, causing downtime, or compromising the integrity of the device's configuration. [1]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

The provided resources do not include specific commands or detailed detection methods for identifying this vulnerability on your network or system. Detection would likely involve checking the firmware versions of SINAMICS G220, S210, and S200 devices to see if they are prior to V6.4 HF2 for G220 and S210, or any version for S200. Additionally, monitoring for unauthorized factory reset attempts or privilege escalations could be part of detection, but no explicit commands are provided.


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include updating affected SINAMICS devices to the latest firmware versions where fixes are available: update SINAMICS G220 and S210 devices to version V6.4 HF2 or later. For SINAMICS S200 devices, since no fix is currently available, it is recommended to protect network access with appropriate security mechanisms and configure devices according to Siemens' operational guidelines for Industrial Security to reduce exposure. Following Siemens' security advisories and applying product-specific updates when released are also advised. [1]

