CVE-2025-40943
Received Received - Intake
Code Injection via Unsanitized Trace Files in Siemens Devices

Publication date: 2026-03-10

Last updated on: 2026-03-19

Assigner: Siemens AG

Description
Affected devices do not properly sanitize contents of trace files. This could allow an attacker to inject code through social engineering an authorized user, who has the function right "Read diagnostics", to import a specially crafted trace file. The malicious trace file is insufficiently sanitized and malicious code could be executed in the clients browser session and trigger PLC operations via the webserver that the legitimate user is authorized to perform.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-10
Last Modified
2026-03-19
Generated
2026-06-16
AI Q&A
2026-03-10
EPSS Evaluated
2026-06-15
NVD
CVE-2025-40943
EUVD
EUVD-2025-208482
Affected Vendors & Products
Showing 36 associated CPEs
Vendor Product Version / Range
siemens simatics7-1500 *
siemens simatics7-1500_cpu_family *
siemens simatics_et_200sp *
siemens simatics_drive_controller *
siemens siplus *
siemens simatics_et_200sp_open_controller *
siemens simatics_et_200sp_cpu *
siemens simatics_drive_controller_cpu *
siemens simatics_et_200sp_cpu_1515sp_pc2 *
siemens simatics_et_200sp_cpu_1515sp_pc3 *
siemens simatics_et_200sp_cpu_1510sp *
siemens simatics_et_200sp_cpu_1512sp *
siemens simatics_et_200sp_cpu_1514sp *
siemens simatics_drive_controller_cpu_1504d_tf *
siemens simatics_drive_controller_cpu_1507d_tf *
siemens simatics_s7-1500_cpu_1511-1_pn *
siemens simatics_s7-1500_cpu_1511c-1_pn *
siemens simatics_s7-1500_cpu_1511f-1_pn *
siemens simatics_s7-1500_cpu_1511t-1_pn *
siemens simatics_s7-1500_cpu_1511tf-1_pn *
siemens simatics_s7-1500_cpu_1512c-1_pn *
siemens simatics_s7-1500_cpu_1513-1_pn *
siemens simatics_s7-1500_cpu_1513f-1_pn *
siemens simatics_s7-1500_cpu_1513pro_f-2_pn *
siemens simatics_s7-1500_cpu_1513pro-2_pn *
siemens simatics_s7-1500_cpu_1513r-1_pn *
siemens simatics_s7-1500_cpu_1515-2_pn *
siemens simatics_s7-1500_cpu_1515f-2_pn *
siemens simatics_s7-1500_cpu_1515r-2_pn *
siemens simatics_s7-1500_cpu_1515t-2_pn *
siemens simatics_s7-1500_cpu_1515tf-2_pn *
siemens simatics_s7-1500_cpu_1516-3_pn_dp *
siemens simatics_s7-1500_cpu_1516f-3_pn_dp *
siemens simatics_s7-1500_cpu_1516pro_f-2_pn *
siemens simatics_s7-1500_cpu_1516pro-2_pn *
siemens simatics_s7-1500_cpu_1516t-3_pn *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CWE-95 The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before using the input in a dynamic evaluation call (e.g. "eval").
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': "CVE-2025-40943 is a Stored Cross-Site Scripting (XSS) vulnerability affecting Siemens SIMATIC S7-1500 devices and related products. The issue arises because affected devices do not properly sanitize the contents of trace files. An attacker can exploit this by tricking a legitimate user into importing a specially crafted trace file through the device's web interface, which then allows the attacker to inject malicious code."}] [1]

Impact Analysis

This vulnerability can have a critical impact as it allows remote attackers to execute malicious code on affected Siemens SIMATIC devices by social engineering a legitimate user to import a malicious trace file. This could lead to unauthorized control or disruption of industrial control systems, potentially causing operational failures or safety issues.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': "This vulnerability involves the import of specially crafted trace files through the device's web interface, which can lead to code injection. Detection would focus on monitoring for suspicious or unauthorized trace file imports and unusual activity on affected Siemens SIMATIC S7-1500 and related devices."}, {'type': 'paragraph', 'content': "Since the vulnerability is triggered by importing malicious trace files, commands or methods to detect it would include checking logs for trace file import events, verifying the integrity and source of trace files, and monitoring network traffic for unusual uploads to the device's web interface."}, {'type': 'paragraph', 'content': 'However, no specific detection commands or tools are provided in the available resources.'}] [1]

Mitigation Strategies

To mitigate CVE-2025-40943, Siemens recommends updating affected devices to the latest firmware versions where fixes exist, specifically version 4.1.2 or later for certain ET 200SP and S7-1500 CPU models.

For devices and models without available fixes, Siemens advises applying specific mitigations detailed in their advisory, which may include restricting access to the web interface, controlling trace file imports, and increasing user awareness to avoid importing untrusted trace files.

Users should also consult the Siemens support link for updates and further mitigation recommendations: https://support.industry.siemens.com/cs/ww/en/view/109478459/

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-40943. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart