CVE-2025-40743 PUBLISHED

Assigner: siemens
Reserved: 16.04.2025 Published: 12.08.2025 Updated: 12.08.2025

A vulnerability has been identified in SINUMERIK 828D PPU.4 (All versions < V4.95 SP5), SINUMERIK 828D PPU.5 (All versions < V5.25 SP1), SINUMERIK 840D sl (All versions < V4.95 SP5), SINUMERIK MC (All versions < V1.25 SP1), SINUMERIK MC V1.15 (All versions < V1.15 SP5), SINUMERIK ONE (All versions < V6.25 SP1), SINUMERIK ONE V6.15 (All versions < V6.15 SP5). The affected application improperly validates authentication for its VNC access service, allowing access with insufficient password verification. This could allow an attacker to gain unauthorized remote access and potentially compromise system confidentiality, integrity, or availability.

Metrics

CVSS Vector: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
CVSS Score: 8.7

Product Status

Vendor Siemens
Product SINUMERIK 828D PPU.4
Versions Default: unknown
  • affected from 0 to V4.95 SP5 (excl.)
Vendor Siemens
Product SINUMERIK 828D PPU.5
Versions Default: unknown
  • affected from 0 to V5.25 SP1 (excl.)
Vendor Siemens
Product SINUMERIK 840D sl
Versions Default: unknown
  • affected from 0 to V4.95 SP5 (excl.)
Vendor Siemens
Product SINUMERIK MC
Versions Default: unknown
  • affected from 0 to V1.25 SP1 (excl.)
Vendor Siemens
Product SINUMERIK MC V1.15
Versions Default: unknown
  • affected from 0 to V1.15 SP5 (excl.)
Vendor Siemens
Product SINUMERIK ONE
Versions Default: unknown
  • affected from 0 to V6.25 SP1 (excl.)
Vendor Siemens
Product SINUMERIK ONE V6.15
Versions Default: unknown
  • affected from 0 to V6.15 SP5 (excl.)

References

Problem Types

  • CWE-288: Authentication Bypass Using an Alternate Path or Channel CWE