CVE-2025-40940
BaseFortify
Publication date: 2025-12-09
Last updated on: 2025-12-10
Assigner: Siemens AG
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| siemens | simatic_cn_4100 | 4.0.1 |
| siemens | simatic_cn_4100_firmware | to 4.0.1 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects SIMATIC CN 4100 versions prior to V4.0.1 and involves inconsistent SNMP behavior, including unexpected service availability and unreliable configuration handling across different protocol versions. This inconsistency could allow an attacker to access sensitive data, potentially leading to a breach of confidentiality.
How can this vulnerability impact me? :
The vulnerability could allow an attacker to access sensitive data due to inconsistent SNMP behavior, which may result in a breach of confidentiality. This means your sensitive information could be exposed to unauthorized parties.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability in SIMATIC CN 4100 could allow an attacker to access sensitive data, potentially leading to a breach of confidentiality. Such a breach may impact compliance with data protection standards and regulations like GDPR and HIPAA, which require safeguarding sensitive information. Therefore, this vulnerability poses a risk to maintaining compliance with these regulations.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update the SIMATIC CN 4100 device to version V4.0.1 or later. Additionally, protect network access to the devices and follow Siemens' operational guidelines for Industrial Security. [1]