CVE-2025-40743 Information

Aug 13, 2025 cve

Description

A vulnerability has been identified in SINUMERIK 828D PPU.4 (All versions < V4.95 SP5) SINUMERIK 828D PPU.5 (All versions < V5.25 SP1) SINUMERIK 840D sl (All versions < V4.95 SP5) SINUMERIK MC (All versions < V1.25 SP1) SINUMERIK MC V1.15 (All versions < V1.15 SP5) SINUMERIK ONE (All versions < V6.25 SP1) SINUMERIK ONE V6.15 (All versions < V6.15 SP5). The affected application improperly validates authentication for its VNC access service allowing access with insufficient password verification. This could allow an attacker to gain unauthorized remote access and potentially compromise system confidentiality integrity or availability.

CVSS Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

Reference

https://cert-portal.siemens.com/productcert/html/ssa-177847.html

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

LOW

Base Severity

8.3

CNNVD-202508-1031 (Published: 2025-08-12)

Share on:

CVE-2025-40743 Information

Description

CVSS Vector

Reference

Attack Complexity

Privileges Required

User Interaction Required

Scope

Confidentiality Impact

Integrity Impact

Availability Impact

Base Score

Base Severity

Related CNNVD