VDB

CVE-2025-40584

CVE-2025-40584 PUBLISHED CVSS 5.5 MEDIUM

A vulnerability has been identified in SIMOTION SCOUT TIA V5.4 (All versions), SIMOTION SCOUT TIA V5.5 (All versions), SIMOTION SCOUT TIA V5.6 (All versions < V5.6 SP1 HF7), SIMOTION SCOUT TIA V5.7 (All versions < V5.7 SP1 HF1), SIMOTION SCOUT V5.4 (All versions), SIMOTION SCOUT V5.5 (All versions), SIMOTION SCOUT V5.6 (All versions < V5.6 SP1 HF7), SIMOTION SCOUT V5.7 (All versions < V5.7 SP1 HF1), SINAMICS STARTER V5.5 (All versions), SINAMICS STARTER V5.6 (All versions), SINAMICS STARTER V5.7 (All versions). The affected application contains a XML External Entity Injection (XXE) vulnerability while parsing specially crafted XML files. This could allow an attacker to read arbitrary files in the system.

EPSS 0.02% · 3.6th percentile

Risk Scores

CVSS v3.1
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
EPSS Score
0.02%
3.6th percentile

Affected Products

VendorProductVersions
SiemensSINAMICS STARTER V5.70
SiemensSINAMICS STARTER V5.60
SiemensSIMOTION SCOUT V5.40
SiemensSIMOTION SCOUT V5.60
SiemensSINAMICS STARTER V5.50
SiemensSIMOTION SCOUT V5.70
SiemensSIMOTION SCOUT TIA V5.70
SiemensSIMOTION SCOUT TIA V5.40
SiemensSIMOTION SCOUT TIA V5.60
SiemensSIMOTION SCOUT V5.50
SiemensSIMOTION SCOUT TIA V5.50

Timeline

  • Aug 12, 2025 EPSS Score
  • Aug 12, 2025 Coalition ESS Score
  • Aug 12, 2025 CVE Published
  • Aug 12, 2025 PoC Published
  • Aug 12, 2025 CVE Updated
  • Aug 14, 2025 PoC Published
  • Aug 20, 2025 EPSS Score
  • Aug 22, 2025 Coalition ESS Score
  • Aug 26, 2025 Coalition ESS Score
  • Aug 29, 2025 EPSS Score
  • Sep 6, 2025 EPSS Score
  • Sep 14, 2025 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›