VDB
CVE-2025-40743
CVE-2025-40743
PUBLISHED
CVSS 8.300000190734863 HIGH
A vulnerability has been identified in SINUMERIK 828D PPU.4 (All versions < V4.95 SP5), SINUMERIK 828D PPU.5 (All versions < V5.25 SP1), SINUMERIK 840D sl (All versions < V4.95 SP5), SINUMERIK MC (All versions < V1.25 SP1), SINUMERIK MC V1.15 (All versions < V1.15 SP5), SINUMERIK ONE (All versions < V6.25 SP1), SINUMERIK ONE V6.15 (All versions < V6.15 SP5). The affected application improperly validates authentication for its VNC access service, allowing access with insufficient password verification. This could allow an attacker to gain unauthorized remote access and potentially compromise system confidentiality, integrity, or availability.
EPSS 0.03% · 8.9th percentile
Risk Scores
CVSS 3.1
8.300000190734863
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
EPSS Score
0.03%
8.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | SINUMERIK ONE V6.15 | 0 |
| Siemens | SINUMERIK MC | 0 |
| Siemens | SINUMERIK ONE | 0 |
| Siemens | SINUMERIK 828D PPU.4 | 0 |
| Siemens | SINUMERIK MC V1.15 | 0 |
| Siemens | SINUMERIK 828D PPU.5 | 0 |
| Siemens | SINUMERIK 840D sl | 0 |
Exploit Intelligence
- CIRCL seen: CVE-2025-40743 (circl-sighting)
- CIRCL seen: CVE-2025-40743 (circl-sighting)
- CIRCL seen: CVE-2025-40743 (circl-sighting)
- https://cert-portal.siemens.com/productcert/html/ssa-177847.html (circl)
Timeline
- Aug 12, 2025 EPSS Score
- Aug 12, 2025 Coalition ESS Score
- Aug 12, 2025 CVE Published
- Aug 12, 2025 PoC Published
- Aug 12, 2025 PoC Published
- Aug 14, 2025 PoC Published
- Aug 20, 2025 EPSS Score
- Aug 22, 2025 Coalition ESS Score
- Aug 26, 2025 Coalition ESS Score
- Aug 29, 2025 EPSS Score
- Sep 6, 2025 EPSS Score
- Sep 14, 2025 EPSS Score