CVE-2025-40771
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability has been identified in SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) (All versions < V2.4.24), SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0) (All versions < V2.4.24), SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) (All versions < V2.4.24), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0) (All versions < V2.4.24), SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0) (All versions < V2.4.24), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0) (All versions < V2.4.24). Affected devices do not properly authenticate configuration connections. This could allow an unauthenticated remote attacker to access the configuration data.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Siemens | SIMATIC CP 1542SP-1 | 0 < V2.4.24 | affected |
| Siemens | SIMATIC CP 1542SP-1 IRC | 0 < V2.4.24 | affected |
| Siemens | SIMATIC CP 1543SP-1 | 0 < V2.4.24 | affected |
| Siemens | SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL | 0 < V2.4.24 | affected |
| Siemens | SIPLUS ET 200SP CP 1543SP-1 ISEC | 0 < V2.4.24 | affected |
| Siemens | SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL | 0 < V2.4.24 | affected |
Weaknesses
- CWE-306: CWE-306: Missing Authentication for Critical Function
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.