CVE-2025-40594 - Vulnerability Details

A vulnerability has been identified in SINAMICS G220 V6.4 (All versions < V6.4 HF2), SINAMICS S200 V6.4 (All versions), SINAMICS S210 V6.4 (All versions < V6.4 HF2). The affected devices allow a factory reset to be executed without the required privileges due to improper privilege management as well as manipulation of configuration data because of leaked privileges of previous sessions. This could allow an unauthorized attacker to escalate their privileges.

Attack Vector Local

Attack Complexity High

Privileges Required None

Attack Requirements Present

User Interaction Active

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact High

Subsequent System Availability Impact Low

Attack Vector Local

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact High

Availability Impact Low

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Siemens	Sinamics G220 Sinamics G220 Firmware Sinamics S200 Sinamics S200 Firmware Sinamics S210 Sinamics S210 Firmware

Configuration 1 [-]

AND

OR	cpe:2.3:o:siemens:sinamics_g220_firmware:6.4:-::::::
	cpe:2.3:o:siemens:sinamics_g220_firmware:6.4:hf1::::::

cpe:2.3:h:siemens:sinamics_g220:-:-:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:siemens:sinamics_s200_firmware:6.4:*:*:*:*:*:*:*

cpe:2.3:h:siemens:sinamics_s200:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

OR	cpe:2.3:o:siemens:sinamics_s210_firmware:6.4:-::::::
	cpe:2.3:o:siemens:sinamics_s210_firmware:6.4:hf1::::::

cpe:2.3:h:siemens:sinamics_s210:-:-:*:*:*:*:*:*

No data.

References

Link	Providers
https://cert-portal.siemens.com/productcert/html/ssa-027652.html

History

Mon, 20 Oct 2025 19:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Siemens sinamics G220 Firmware Siemens sinamics S200 Firmware Siemens sinamics S210 Firmware
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:h:siemens:sinamics_g220:-:-:::::: cpe:2.3:h:siemens:sinamics_s200:-:::::::* cpe:2.3:h:siemens:sinamics_s210:-:-:::::: cpe:2.3:o:siemens:sinamics_g220_firmware:6.4:-:::::: cpe:2.3:o:siemens:sinamics_g220_firmware:6.4:hf1:::::: cpe:2.3:o:siemens:sinamics_s200_firmware:6.4:::::::* cpe:2.3:o:siemens:sinamics_s210_firmware:6.4:-:::::: cpe:2.3:o:siemens:sinamics_s210_firmware:6.4:hf1::::::
Vendors & Products		Siemens sinamics G220 Firmware Siemens sinamics S200 Firmware Siemens sinamics S210 Firmware

Tue, 09 Sep 2025 23:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 09 Sep 2025 21:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Siemens Siemens sinamics G220 Siemens sinamics S200 Siemens sinamics S210
Vendors & Products		Siemens Siemens sinamics G220 Siemens sinamics S200 Siemens sinamics S210

Tue, 09 Sep 2025 09:00:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability has been identified in SINAMICS G220 V6.4 (All versions < V6.4 HF2), SINAMICS S200 V6.4 (All versions), SINAMICS S210 V6.4 (All versions < V6.4 HF2). The affected devices allow a factory reset to be executed without the required privileges due to improper privilege management as well as manipulation of configuration data because of leaked privileges of previous sessions. This could allow an unauthorized attacker to escalate their privileges.
Weaknesses		CWE-269
References		https://cert-portal.siemens.com/productcert/html/ssa-027652.html
Metrics		cvssV3_1 `{'score': 6.3, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:L'}` cvssV4_0 `{'score': 6.9, 'vector': 'CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:A/VC:N/VI:H/VA:L/SC:N/SI:H/SA:L'}`

MITRE

Status: PUBLISHED

Assigner: siemens

Published: 2025-09-09T08:47:57.771Z

Updated: 2025-09-09T19:36:11.082Z

Reserved: 2025-04-16T08:20:17.034Z

Link: CVE-2025-40594

Vulnrichment

Updated: 2025-09-09T19:36:06.833Z

NVD

Status : Analyzed

Published: 2025-09-09T09:15:36.743

Modified: 2025-10-20T19:20:29.113

Link: CVE-2025-40594

Redhat

No data.

Metrics

Attack Vector Local

Attack Complexity High

Privileges Required None

Attack Requirements Present

User Interaction Active

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact High

Subsequent System Availability Impact Low

Attack Vector Local

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact High

Availability Impact Low

User Interaction Required

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object