CVE-2025-40757
BaseFortify
Publication date: 2025-09-09
Last updated on: 2025-09-09
Assigner: Siemens AG
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| siemens | talon_tc_series | * |
| siemens | apogee_pxc_series | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects Siemens APOGEE PXC Series and TALON TC Series devices connected to a network. It allows attackers to access and download encrypted database (.db) files from the devices, which contain sensitive information such as passwords. The vulnerability results from unrestricted access to these sensitive files on affected devices. [1]
How can this vulnerability impact me?
An attacker exploiting this vulnerability could obtain encrypted database files containing passwords, potentially leading to unauthorized access to the device or network. This exposure of sensitive information could compromise the security of the affected systems and any connected infrastructure. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include changing all three default passwords even if unused, ensuring all account passwords are strong (up to 15 characters including uppercase, lowercase, numbers, and special characters), and disabling telnet (which is disabled by default). Additionally, protect network access with appropriate security mechanisms and configure the operational environment according to Siemens' Industrial Security guidelines. [1]