CVE-2025-40820
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-09

Last updated on: 2025-12-09

Assigner: Siemens AG

Description
Affected products do not properly enforce TCP sequence number validation in specific scenarios but accept values within a broad range. This could allow an unauthenticated remote attacker e.g. to interfere with connection setup, potentially leading to a denial of service. The attack succeeds only if an attacker can inject IP packets with spoofed addresses at precisely timed moments, and it affects only TCP-based services.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-09
Last Modified
2025-12-09
Generated
2026-06-16
AI Q&A
2025-12-10
EPSS Evaluated
2026-06-15
NVD
CVE-2025-40820
EUVD
EUVD-2025-201923
Affected Vendors & Products
Showing 19 associated CPEs
Vendor Product Version / Range
siemens simatic_cfu diq
siemens sidoor ate530g_coated
siemens simatic_et_200mp im_155-5_pn_hf
siemens sidoor atd430w
siemens simatic_cfu pa
siemens simatic_et_200 clean_cm_8x_io-link
siemens simatic_et_200sp im_155-6_pn_ha
siemens simatic power_line_booster
siemens simatic_et_200 eco_pn
siemens simatic_et_200 di_16x24vdc
siemens simatic pn_mf
siemens simatic s7-200_smart_cpu
siemens simatic_et_200sp im_155-6_pn_hf
siemens simatic_et_200 al_im_157-1_pn
siemens simatic s7-300_cpu
siemens simatic s7-400_pn_dp_v7_cpu
siemens simatic s7-400_h_v6_cpu
siemens simatic pn_pn_couplers
siemens sidoor ate530s_coated
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-940 The product establishes a communication channel to handle an incoming request that has been initiated by an actor, but it does not properly verify that the request is coming from the expected origin.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Mitigation Strategies

Immediate mitigation steps include updating affected Siemens products to the latest firmware versions where fixes are available, such as SIMATIC CFU DIQ and PA modules to version 2.0.0 or later, SIMATIC ET 200SP IM 155-6 PN HA to version 1.3 or later, and SIMATIC PN/PN Couplers to version 6.0.0 or later. For products without planned fixes, Siemens recommends disabling vulnerable Ethernet ports on CPUs (e.g., SIMATIC S7-400 H V6 CPU family and SIMATIC S7-400 PN/DP V7 CPU family) and using alternative communication modules like CP modules to reduce exposure. These mitigations help prevent exploitation by limiting network access vectors required for the attack. [1]

Executive Summary

This vulnerability involves affected products not properly enforcing TCP sequence number validation in certain scenarios, accepting a broad range of values. This flaw could allow an unauthenticated remote attacker to interfere with TCP connection setup by injecting IP packets with spoofed addresses at precisely timed moments, potentially causing a denial of service. It only affects TCP-based services.

Impact Analysis

The vulnerability can impact you by allowing an unauthenticated remote attacker to disrupt TCP-based services through denial of service attacks. This could lead to service outages or interruptions, affecting availability of networked applications relying on TCP connections.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-40820. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart