CVE-2025-40940
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-09

Last updated on: 2025-12-10

Assigner: Siemens AG

Description
A vulnerability has been identified in SIMATIC CN 4100 (All versions < V4.0.1). The affected application exhibits inconsistent SNMP behavior, such as unexpected service availability and unreliable configuration handling across protocol versions. This could allow an attacker to access sensitive data, potentially leading to a breach of confidentiality.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-09
Last Modified
2025-12-10
Generated
2026-06-16
AI Q&A
2025-12-09
EPSS Evaluated
2026-06-15
NVD
CVE-2025-40940
EUVD
EUVD-2025-201916
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
siemens simatic_cn_4100 4.0.1
siemens simatic_cn_4100_firmware to 4.0.1 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-200 The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability affects SIMATIC CN 4100 versions prior to V4.0.1 and involves inconsistent SNMP behavior, including unexpected service availability and unreliable configuration handling across different protocol versions. This inconsistency could allow an attacker to access sensitive data, potentially leading to a breach of confidentiality.

Impact Analysis

The vulnerability could allow an attacker to access sensitive data due to inconsistent SNMP behavior, which may result in a breach of confidentiality. This means your sensitive information could be exposed to unauthorized parties.

Compliance Impact

The vulnerability in SIMATIC CN 4100 could allow an attacker to access sensitive data, potentially leading to a breach of confidentiality. Such a breach may impact compliance with data protection standards and regulations like GDPR and HIPAA, which require safeguarding sensitive information. Therefore, this vulnerability poses a risk to maintaining compliance with these regulations.

Mitigation Strategies

To mitigate this vulnerability, update the SIMATIC CN 4100 device to version V4.0.1 or later. Additionally, protect network access to the devices and follow Siemens' operational guidelines for Industrial Security. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-40940. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart