CVE-2025-40768 PUBLISHED

Assigner: siemens
Reserved: 16.04.2025 Published: 12.08.2025 Updated: 12.08.2025

A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V3.0). The affected application exposes an internal service port to be accessible from outside the system. This could allow an unauthorized attacker to access the application.

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
CVSS Score: 7.3

Attack Vector	Local	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	Low
Privileges Required	None	Integrity Impact	Low
User Interaction	None	Availability Impact	High

CVSS 3.1

CVSS Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
CVSS Score: 7

Exploitability Metrics		Vulnerable System Impact Metrics		Subsequent System Impact Metrics
Attack Vector	Local	Confidentiality	Low	Confidentiality	None
Attack Complexity	Low	Integrity	Low	Integrity	None
Attack Requirements	None	Availability	High	Availability	None
Privileges Required	None
User Interaction	None

CVSS 4.0

Product Status

Vendor	Siemens
Product	SINEC Traffic Analyzer
Versions	Default: unknown affected from 0 to V3.0 (excl.)

References

https://cert-portal.siemens.com/productcert/html/ssa-517338.html

Problem Types

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE