CVE-2025-24007

HIGH

SIRIUS 3RK3 MSS & 3SK2 - Info Disclosure

Title source: llm

Description

A vulnerability has been identified in SIRIUS 3RK3 Modular Safety System (MSS) (All versions), SIRIUS Safety Relays 3SK2 (All versions). Affected devices only provide weak password obfuscation. An attacker with network access could retrieve and de-obfuscate the safety password used for protection against inadvertent operating errors.

References (1)

[Vendor Advisory] https://cert-portal.siemens.com/productcert/html/ssa-222768.html

Scores

CVSS v3 7.5

EPSS 0.0017

EPSS Percentile 37.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-327

Status published

Products (2)

Siemens/SIRIUS 3RK3 Modular Safety System (MSS)

Siemens/SIRIUS Safety Relays 3SK2

Published May 13, 2025

Tracked Since Feb 18, 2026