CVE-2025-24008 — Vulnetix

Try Vulnetix Request Demo

CVE-2025-24008 PUBLISHED CVSS 6.5 MEDIUM

A vulnerability has been identified in SIRIUS 3RK3 Modular Safety System (MSS) (All versions), SIRIUS Safety Relays 3SK2 (All versions). The affected devices do not encrypt data in transit. An attacker with network access could eavesdrop the connection and retrieve sensitive information, including obfuscated safety passwords.

EPSS 0.12% · 31.7th percentile

Risk Scores

CVSS v3.1

6.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

EPSS Score

0.12%

31.7th percentile

Affected Products

Vendor	Product	Versions
Siemens	SIRIUS Safety Relays 3SK2	0
Siemens	SIRIUS 3RK3 Modular Safety System (MSS)	0

Timeline

May 13, 2025 EPSS Score
May 13, 2025 CVE Published
May 15, 2025 PoC Published
May 17, 2025 Coalition ESS Score
May 24, 2025 EPSS Score
Jun 4, 2025 EPSS Score
Jun 15, 2025 EPSS Score
Jun 26, 2025 EPSS Score
Jul 6, 2025 EPSS Score
Jul 17, 2025 EPSS Score
Jul 28, 2025 EPSS Score
Aug 8, 2025 EPSS Score

References

Open in Interactive Console →