CVE-2025-40943

CRITICAL

Affected Devices - Code Injection

Title source: llm

Description

Affected devices do not properly sanitize contents of trace files. This could allow an attacker to inject code through social engineering an authorized user, who has the function right "Read diagnostics", to import a specially crafted trace file. The malicious trace file is insufficiently sanitized and malicious code could be executed in the clients browser session and trigger PLC operations via the webserver that the legitimate user is authorized to perform.

References (1)

[Vendor Advisory] https://cert-portal.siemens.com/productcert/html/ssa-452276.html

Scores

CVSS v3 9.6

EPSS 0.0005

EPSS Percentile 14.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-95

Status published

Products (50)

Siemens/SIMATIC Drive Controller CPU 1504D TF

Siemens/SIMATIC Drive Controller CPU 1507D TF

Siemens/SIMATIC ET 200SP CPU 1510SP F-1 PN

Siemens/SIMATIC ET 200SP CPU 1510SP F-1 PN < V4.1.2

Siemens/SIMATIC ET 200SP CPU 1510SP-1 PN

Siemens/SIMATIC ET 200SP CPU 1510SP-1 PN < V4.1.2

Siemens/SIMATIC ET 200SP CPU 1512SP F-1 PN

Siemens/SIMATIC ET 200SP CPU 1512SP F-1 PN < V4.1.2

Siemens/SIMATIC ET 200SP CPU 1512SP-1 PN

Siemens/SIMATIC ET 200SP CPU 1512SP-1 PN < V4.1.2

... and 40 more

Published Mar 10, 2026

Tracked Since Mar 11, 2026