VDB
CVE-2025-24008
CVE-2025-24008
PUBLISHED
CVSS 6.5 MEDIUM
A vulnerability has been identified in SIRIUS 3RK3 Modular Safety System (MSS) (All versions), SIRIUS Safety Relays 3SK2 (All versions). The affected devices do not encrypt data in transit. An attacker with network access could eavesdrop the connection and retrieve sensitive information, including obfuscated safety passwords.
EPSS 0.12% · 31.3th percentile
Risk Scores
CVSS 3.1
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
EPSS Score
0.12%
31.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | SIRIUS Safety Relays 3SK2 | 0 |
| Siemens | SIRIUS 3RK3 Modular Safety System (MSS) | 0 |
Exploit Intelligence
- CIRCL seen: CVE-2025-24008 (circl-sighting)
- https://cert-portal.siemens.com/productcert/html/ssa-222768.html (circl)
Timeline
- May 13, 2025 EPSS Score
- May 13, 2025 CVE Published
- May 15, 2025 PoC Published
- May 17, 2025 Coalition ESS Score
- May 24, 2025 EPSS Score
- Jun 5, 2025 EPSS Score
- Jun 16, 2025 EPSS Score
- Jun 28, 2025 EPSS Score
- Jul 9, 2025 EPSS Score
- Jul 21, 2025 EPSS Score
- Aug 1, 2025 EPSS Score
- Aug 13, 2025 EPSS Score