CVE-2025-24009

MEDIUM

SIRIUS < All - Info Disclosure

Title source: llm

Description

A vulnerability has been identified in SIRIUS 3RK3 Modular Safety System (MSS) (All versions), SIRIUS Safety Relays 3SK2 (All versions). The affected devices do not require authentication to access critical resources. An attacker with network access could retrieve sensitive information from certain data records, including obfuscated safety passwords.

References (1)

[Vendor Advisory] https://cert-portal.siemens.com/productcert/html/ssa-222768.html

Scores

CVSS v3 5.9

EPSS 0.0013

EPSS Percentile 31.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-732

Status published

Products (2)

Siemens/SIRIUS 3RK3 Modular Safety System (MSS)

Siemens/SIRIUS Safety Relays 3SK2

Published May 13, 2025

Tracked Since Feb 18, 2026