CVE-2025-24008

MEDIUM

SIRIUS 3RK3 MSS & 3SK2 - Info Disclosure

Title source: llm

Description

A vulnerability has been identified in SIRIUS 3RK3 Modular Safety System (MSS) (All versions), SIRIUS Safety Relays 3SK2 (All versions). The affected devices do not encrypt data in transit. An attacker with network access could eavesdrop the connection and retrieve sensitive information, including obfuscated safety passwords.

References (1)

[Vendor Advisory] https://cert-portal.siemens.com/productcert/html/ssa-222768.html

Scores

CVSS v3 6.5

EPSS 0.0013

EPSS Percentile 31.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-311

Status published

Products (2)

Siemens/SIRIUS 3RK3 Modular Safety System (MSS)

Siemens/SIRIUS Safety Relays 3SK2

Published May 13, 2025

Tracked Since Feb 18, 2026