CVE-2025-24007

Summary

A vulnerability has been identified in SIRIUS 3RK3 Modular Safety System (MSS) (All versions), SIRIUS Safety Relays 3SK2 (All versions). Affected devices only provide weak password obfuscation. An attacker with network access could retrieve and de-obfuscate the safety password used for protection against inadvertent operating errors.

Affected Software

VendorProductVersion RangeStatus
SiemensSIRIUS 3RK3 Modular Safety System (MSS)0 < *affected
SiemensSIRIUS Safety Relays 3SK20 < *affected

Weaknesses

  • CWE-327: CWE-327: Use of a Broken or Risky Cryptographic Algorithm

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References