CVE-2025-40743

Summary

A vulnerability has been identified in SINUMERIK 828D PPU.4 (All versions < V4.95 SP5), SINUMERIK 828D PPU.5 (All versions < V5.25 SP1), SINUMERIK 840D sl (All versions < V4.95 SP5), SINUMERIK MC (All versions < V1.25 SP1), SINUMERIK MC V1.15 (All versions < V1.15 SP5), SINUMERIK ONE (All versions < V6.25 SP1), SINUMERIK ONE V6.15 (All versions < V6.15 SP5). The affected application improperly validates authentication for its VNC access service, allowing access with insufficient password verification. This could allow an attacker to gain unauthorized remote access and potentially compromise system confidentiality, integrity, or availability.

Affected Software

VendorProductVersion RangeStatus
SiemensSINUMERIK 828D PPU.40 < V4.95 SP5affected
SiemensSINUMERIK 828D PPU.50 < V5.25 SP1affected
SiemensSINUMERIK 840D sl0 < V4.95 SP5affected
SiemensSINUMERIK MC0 < V1.25 SP1affected
SiemensSINUMERIK MC V1.150 < V1.15 SP5affected
SiemensSINUMERIK ONE0 < V6.25 SP1affected
SiemensSINUMERIK ONE V6.150 < V6.15 SP5affected

Weaknesses

  • CWE-288: CWE-288: Authentication Bypass Using an Alternate Path or Channel

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References