CVE-2025-40817

MEDIUM

Siemens LOGO! and SIPLUS LOGO! - Unauthenticated Time Manipulation

Title source: llm

Description

A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA2) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA2) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA2) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA2) (All versions), LOGO! 24CE (6ED1052-1CC08-0BA2) (All versions), LOGO! 24CEo (6ED1052-2CC08-0BA2) (All versions), LOGO! 24RCE (6ED1052-1HB08-0BA2) (All versions), LOGO! 24RCEo (6ED1052-2HB08-0BA2) (All versions), SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA2) (All versions), SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA2) (All versions), SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA2) (All versions), SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA2) (All versions), SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA2) (All versions), SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA2) (All versions), SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA2) (All versions), SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA2) (All versions). Affected devices do not conduct certain validations when interacting with them. This could allow an unauthenticated remote attacker to change time of the device, which means the device could behave differently.

References (1)

Core 1

Core References

Vendor Advisory

https://cert-portal.siemens.com/productcert/html/ssa-267056.html

Scores

CVSS v3 6.5

EPSS 0.0002

EPSS Percentile 6.5%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-306

Status published

Products (16)

Siemens/LOGO! 12/24RCE

Siemens/LOGO! 12/24RCEo

Siemens/LOGO! 230RCE

Siemens/LOGO! 230RCEo

Siemens/LOGO! 24CE

Siemens/LOGO! 24CEo

Siemens/LOGO! 24RCE

Siemens/LOGO! 24RCEo

Siemens/SIPLUS LOGO! 12/24RCE

Siemens/SIPLUS LOGO! 12/24RCEo

... and 6 more

Published Nov 11, 2025

Tracked Since Feb 18, 2026