CVE-2025-40939
BaseFortify
Publication date: 2025-12-09
Last updated on: 2025-12-16
Assigner: Siemens AG
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| siemens | simatic_cn_4100_firmware | to 4.0.1 (inc) |
| siemens | simatic_cn_4100 | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the SIMATIC CN 4100 device (all versions before V4.0.1) which has a USB port allowing unauthenticated connections. An attacker with physical access to the device can use this USB port to trigger a reboot, potentially causing a denial of service condition.
How can this vulnerability impact me? :
The vulnerability can impact you by allowing an attacker with physical access to the device to cause it to reboot unexpectedly. This can lead to a denial of service condition, disrupting the availability of the device and any services relying on it.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, restrict physical access to the SIMATIC CN 4100 device to prevent unauthorized use of the USB port. Ensure that only trusted personnel can access the device physically, as the vulnerability requires physical access to trigger a reboot causing denial of service.