CNNVD-202508-1037 Information
CNNVD ID
CNNVD-202508-1037
Related CVE
- CNNVD Published: 2025-08-12
Description (English)
Siemens SIMATIC WinCC and the other products listed here are products of Siemens, a German company. Siemens SIMATIC WinCC is an automated supervisory control and data acquisition (SCADA) system. Siemens SIMATIC STEP is a comprehensive engineering tool for configuring and programming SIMATIC controllers. Siemens SIMATIC S7-PLCSIM V17 is PLC program simulation software. Multiple Siemens products contain a code issue vulnerability. It stems from improper sanitization of security attributes when project files are parsed, and may lead to arbitrary code execution. The following products and versions are affected: SIMATIC S7-PLCSIM V17, SIMATIC STEP 7 V17, SIMATIC STEP 7 V18, SIMATIC STEP 7 V19 versions before V19 Update 4, SIMATIC STEP 7 V20, SIMATIC WinCC V17, SIMATIC WinCC V18, SIMATIC WinCC V19 versions before V19 Update 4, SIMATIC WinCC V20, SIMOCODE ES V17, SIMOCODE ES V18, SIMOCODE ES V19, SIMOCODE ES V20, SIMOTION SCOUT TIA V5.4, SIMOTION SCOUT TIA V5.5, SIMOTION SCOUT TIA V5.6 versions before V5.6 SP1 HF7, SIMOTION SCOUT TIA V5.7, SINAMICS Startdrive V17, SINAMICS Startdrive V18, SINAMICS Startdrive V19, SINAMICS Startdrive V20, SIRIUS Safety ES V17, SIRIUS Safety ES V18, SIRIUS Safety ES V19, SIRIUS Safety ES V20, SIRIUS Soft Starter ES V17, SIRIUS Soft Starter ES V18, SIRIUS Soft Starter ES V19, SIRIUS Soft Starter ES V20, TIA Portal Cloud V17, TIA Portal Cloud V18, TIA Portal Cloud V19 versions before V5.2.1.1, and TIA Portal Cloud V20.
Hazard Level
Medium
Vulnerability Type
Code issue
Affected Vendor
Siemens
Published
2025-08-12
Last Modified
2026-02-24
References
https://cert-portal.siemens.com/productcert/html/ssa-493396.html
https://access.redhat.com/security/cve/cve-2025-40759
https://vigilance.fr/vulnerability/Siemens-SIMATIC-code-execution-via-Project-Files-Deserialization-47924
Patch
https://cert-portal.siemens.com/productcert/html/ssa-493396.html