CVE-2025-40805
Severity: CRITICAL
Siemens Industrial Edge Cloud Device and Device Kit - Authentication Bypass
Title source: llm
Description
Affected devices do not properly enforce user authentication on specific API endpoints. This could allow an unauthenticated remote attacker to circumvent authentication and impersonate a legitimate user. Successful exploitation requires that the attacker has learned the identity of a legitimate user.
References (2)
Core References
Vendor Advisory: https://cert-portal.siemens.com/productcert/html/ssa-001536.html
Vendor Advisory: https://cert-portal.siemens.com/productcert/html/ssa-014678.html
Scores
CVSS v3: 10.0
EPSS: 0.0008
EPSS Percentile: 24.2%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: yes
Technical Impact: total
Details
CWE: CWE-639
Status: published
Products (50)
Siemens/Industrial Edge Cloud Device (IECD) < V1.24.2
Siemens/Industrial Edge Device Kit - arm64 V1.10
Siemens/Industrial Edge Device Kit - arm64 V1.11
Siemens/Industrial Edge Device Kit - arm64 V1.12
Siemens/Industrial Edge Device Kit - arm64 V1.13
Siemens/Industrial Edge Device Kit - arm64 V1.14
Siemens/Industrial Edge Device Kit - arm64 V1.15
Siemens/Industrial Edge Device Kit - arm64 V1.16
Siemens/Industrial Edge Device Kit - arm64 V1.17
Siemens/Industrial Edge Device Kit - arm64 V1.18
... and 40 more
Published: Jan 13, 2026
Tracked Since: Feb 18, 2026