CVE-2025-40938 PUBLISHED

Assigner: siemens
Reserved: 16.04.2025 Published: 09.12.2025 Updated: 09.12.2025

A vulnerability has been identified in SIMATIC CN 4100 (All versions < V4.0.1). The affected device stores sensitive information in the firmware. This could allow an attacker to access and misuse this information, potentially impacting the device’s confidentiality, integrity, and availability.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CVSS Score: 9.2

Product Status

Vendor Siemens
Product SIMATIC CN 4100
Versions Default: unknown
  • affected from 0 to V4.0.1 (excl.)

References

Problem Types

  • CWE-798: Use of Hard-coded Credentials CWE