CVE-2025-40594

A vulnerability has been identified in SINAMICS G220 V6.4 (All versions < V6.4 HF2), SINAMICS S200 V6.4 (All versions), SINAMICS S210 V6.4 (All versions < V6.4 HF2). The affected devices allow a factory reset to be executed without the required privileges due to improper privilege management as well as manipulation of configuration data because of leaked privileges of previous sessions. This could allow an unauthorized attacker to escalate their privileges.

CVSS v3 6.3 MEDIUM

6.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.0 / Impact : 4.7

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact LOW

Scope CHANGED

References

Link	Resource
https://cert-portal.siemens.com/productcert/html/ssa-027652.html	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:siemens:sinamics_g220_firmware:6.4:-::::::
	cpe:2.3:o:siemens:sinamics_g220_firmware:6.4:hf1::::::

cpe:2.3:h:siemens:sinamics_g220:-:-:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:siemens:sinamics_s200_firmware:6.4:*:*:*:*:*:*:*

cpe:2.3:h:siemens:sinamics_s200:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

OR	cpe:2.3:o:siemens:sinamics_s210_firmware:6.4:-::::::
	cpe:2.3:o:siemens:sinamics_s210_firmware:6.4:hf1::::::

cpe:2.3:h:siemens:sinamics_s210:-:-:*:*:*:*:*:*

History

No history.

Information

Published : 2025-09-09 09:15

Updated : 2025-10-20 19:20

NVD link : CVE-2025-40594

Mitre link : CVE-2025-40594

CVE.ORG link : CVE-2025-40594

JSON object : View

Products Affected

siemens

sinamics_g220
sinamics_s210
sinamics_g220_firmware
sinamics_s210_firmware
sinamics_s200
sinamics_s200_firmware

CWE

CWE-269

Improper Privilege Management

NVD-CWE-noinfo

{"id": "CVE-2025-40594", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 4.7, "exploitabilityScore": 1.0}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.9, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:A/VC:N/VI:H/VA:L/SC:N/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "ACTIVE", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-09-09T09:15:36.743", "references": [{"url": "https://cert-portal.siemens.com/productcert/html/ssa-027652.html", "tags": ["Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-269"}]}, {"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in SINAMICS G220 V6.4 (All versions < V6.4 HF2), SINAMICS S200 V6.4 (All versions), SINAMICS S210 V6.4 (All versions < V6.4 HF2). The affected devices allow a factory reset to be executed without the required privileges due to improper privilege management as well as manipulation of configuration data because of leaked privileges of previous sessions. This could allow an unauthorized attacker to escalate their privileges."}], "lastModified": "2025-10-20T19:20:29.113", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:sinamics_g220_firmware:6.4:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "826EA8F0-D952-45B0-992D-06FDD69C15DE"}, {"criteria": "cpe:2.3:o:siemens:sinamics_g220_firmware:6.4:hf1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A667304B-DA27-4774-9E2D-427C8F82D92A"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:sinamics_g220:-:-:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E1338801-EE2C-4B79-90CD-B89DC5D62222"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:sinamics_s200_firmware:6.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "177B0059-39B2-446B-9EE4-990A3B8DAE14"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:sinamics_s200:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5A55ADD0-B32D-41F8-BB59-003440BEBA01"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:sinamics_s210_firmware:6.4:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1DB28153-EF8D-4D75-B9B2-24EE4C1030D5"}, {"criteria": "cpe:2.3:o:siemens:sinamics_s210_firmware:6.4:hf1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9F006E81-F8BF-4EA6-A972-B4209AF59C2C"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:sinamics_s210:-:-:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "AF9F61F7-F7F3-45FE-8029-D1DD034FF993"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "[email protected]"}