VDB
CVE-2025-24007
CVE-2025-24007
PUBLISHED
CVSS 7.5 HIGH
A vulnerability has been identified in SIRIUS 3RK3 Modular Safety System (MSS) (All versions), SIRIUS Safety Relays 3SK2 (All versions). Affected devices only provide weak password obfuscation. An attacker with network access could retrieve and de-obfuscate the safety password used for protection against inadvertent operating errors.
EPSS 0.17% · 37.6th percentile
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score
0.17%
37.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | SIRIUS Safety Relays 3SK2 | 0 |
| Siemens | SIRIUS 3RK3 Modular Safety System (MSS) | 0 |
Exploit Intelligence
- CIRCL seen: CVE-2025-24007 (circl-sighting)
- CIRCL seen: CVE-2025-24007 (circl-sighting)
- https://cert-portal.siemens.com/productcert/html/ssa-222768.html (circl)
Timeline
- May 13, 2025 EPSS Score
- May 13, 2025 CVE Published
- May 13, 2025 PoC Published
- May 15, 2025 PoC Published
- May 24, 2025 EPSS Score
- May 30, 2025 Coalition ESS Score
- Jun 5, 2025 EPSS Score
- Jun 16, 2025 EPSS Score
- Jun 28, 2025 EPSS Score
- Jul 9, 2025 EPSS Score
- Jul 21, 2025 EPSS Score
- Aug 1, 2025 EPSS Score