CVE-2025-40820
BaseFortify
Publication date: 2025-12-09
Last updated on: 2025-12-09
Assigner: Siemens AG
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| siemens | simatic_cfu | diq |
| siemens | sidoor | ate530g_coated |
| siemens | simatic_et_200mp | im_155-5_pn_hf |
| siemens | sidoor | atd430w |
| siemens | simatic_cfu | pa |
| siemens | simatic_et_200 | clean_cm_8x_io-link |
| siemens | simatic_et_200sp | im_155-6_pn_ha |
| siemens | simatic | power_line_booster |
| siemens | simatic_et_200 | eco_pn |
| siemens | simatic_et_200 | di_16x24vdc |
| siemens | simatic | pn_mf |
| siemens | simatic | s7-200_smart_cpu |
| siemens | simatic_et_200sp | im_155-6_pn_hf |
| siemens | simatic_et_200 | al_im_157-1_pn |
| siemens | simatic | s7-300_cpu |
| siemens | simatic | s7-400_pn_dp_v7_cpu |
| siemens | simatic | s7-400_h_v6_cpu |
| siemens | simatic | pn_pn_couplers |
| siemens | sidoor | ate530s_coated |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-940 | The product establishes a communication channel to handle an incoming request that has been initiated by an actor, but it does not properly verify that the request is coming from the expected origin. |
AI Powered Q&A
Can you explain this vulnerability to me?
Affected products do not properly enforce TCP sequence number validation in certain scenarios and accept a broad range of values. This flaw could allow an unauthenticated remote attacker to interfere with TCP connection setup by injecting IP packets with spoofed addresses at precisely timed moments, potentially causing a denial of service. It only affects TCP-based services.
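The receive-window acceptance test that the advisory says is not enforced, as an added example (not code from the advisory, BaseFortify, or Siemens); the lenient variant is a constructed stand-in, since the advisory does not disclose the affected products' actual acceptance range, and the ratio function is a hypothetical risk metric for comparing the two:

```python
# Added example: RFC 793 section 3.3 receive-window acceptance test (kept in
# RFC 9293 section 3.10.7.4), the validation the advisory says is not enforced.
MOD = 1 << 32  # TCP sequence numbers are 32-bit and wrap around


def seq_dist(a, b):
    """Forward distance from b to a in 32-bit modular arithmetic."""
    return (a - b) % MOD


def in_window(seq, rcv_nxt, rcv_wnd):
    """RCV.NXT <= seq < RCV.NXT + RCV.WND, honouring wraparound."""
    return seq_dist(seq, rcv_nxt) < rcv_wnd


def rfc793_acceptable(seg_seq, seg_len, rcv_nxt, rcv_wnd):
    """Strict test: at least one byte of the segment must lie in the window."""
    if seg_len == 0:
        if rcv_wnd == 0:
            return seg_seq == rcv_nxt  # closed window: only a pure ACK at RCV.NXT
        return in_window(seg_seq, rcv_nxt, rcv_wnd)
    if rcv_wnd == 0:
        return False  # no data is accepted on a closed window
    last = (seg_seq + seg_len - 1) % MOD
    return in_window(seg_seq, rcv_nxt, rcv_wnd) or in_window(last, rcv_nxt, rcv_wnd)


def lenient_acceptable(seg_seq, seg_len, rcv_nxt, rcv_wnd, slack=1 << 30):
    """Constructed stand-in for a broad check; NOT the affected products' actual
    logic, which the advisory does not disclose. It tolerates a large offset from
    RCV.NXT in either direction, so the receive window is ignored in practice."""
    d = seq_dist(seg_seq, rcv_nxt)
    return d < slack or d > MOD - slack


def acceptance_ratio(check, rcv_nxt, rcv_wnd, seg_len=1, samples=4096):
    """Hypothetical risk metric: fraction of evenly spaced sequence numbers a check
    accepts, i.e. how much of the 2^32 space a blindly chosen value lands in."""
    step = MOD // samples
    hits = sum(
        check((rcv_nxt + i * step) % MOD, seg_len, rcv_nxt, rcv_wnd)
        for i in range(samples)
    )
    return hits / samples


if __name__ == "__main__":
    # Constructed connection state: RCV.NXT = 1000 with a 64 KiB receive window.
    for check in (rfc793_acceptable, lenient_acceptable):
        print(f"{check.__name__}: {acceptance_ratio(check, 1000, 65535):.6f}")
```

With the strict test only about 1 in 4096 sampled values is accepted, against roughly half for the lenient stand-in, which is the gap a receive-window check closes.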
How can this vulnerability impact me?
The vulnerability can impact you by allowing an unauthenticated remote attacker to disrupt TCP-based services through denial of service attacks. This could lead to service outages or interruptions, affecting the availability of networked applications that rely on TCP connections.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include updating affected Siemens products to the latest firmware versions where fixes are available, such as SIMATIC CFU DIQ and PA modules to version 2.0.0 or later, SIMATIC ET 200SP IM 155-6 PN HA to version 1.3 or later, and SIMATIC PN/PN Couplers to version 6.0.0 or later. For products without planned fixes, Siemens recommends disabling vulnerable Ethernet ports on CPUs (e.g., SIMATIC S7-400 H V6 CPU family and SIMATIC S7-400 PN/DP V7 CPU family) and using alternative communication modules like CP modules to reduce exposure. These mitigations help prevent exploitation by limiting network access vectors required for the attack. [1]