CVE-2025-40594

MEDIUM

SINAMICS G220/S200/S210 V6.4 < HF2/7/2 - Unauthenticated Privilege Escalation via Factory Reset

Title source: llm

Description

A vulnerability has been identified in SINAMICS G220 V6.4 (All versions < V6.4 HF2), SINAMICS S200 V6.4 (All versions < V6.4 HF7), SINAMICS S210 V6.4 (All versions < V6.4 HF2). The affected devices allow a factory reset to be executed without the required privileges due to improper privilege management as well as manipulation of configuration data because of leaked privileges of previous sessions. This could allow an unauthorized attacker to escalate their privileges.

References (1)

Core 1

Core References

Vendor Advisory

https://cert-portal.siemens.com/productcert/html/ssa-027652.html

Scores

CVSS v3 6.3

EPSS 0.0020

EPSS Percentile 10.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-269

Status published

Products (3)

siemens/sinamics_g220_firmware 6.4 (2 CPE variants)

siemens/sinamics_s200_firmware 6.4

siemens/sinamics_s210_firmware 6.4 (2 CPE variants)

Published Sep 09, 2025

Tracked Since Feb 18, 2026