CVE-2025-40743 — Vulnetix

Try Vulnetix Request Demo

CVE-2025-40743 PUBLISHED CVSS 8.300000190734863 HIGH

A vulnerability has been identified in SINUMERIK 828D PPU.4 (All versions < V4.95 SP5), SINUMERIK 828D PPU.5 (All versions < V5.25 SP1), SINUMERIK 840D sl (All versions < V4.95 SP5), SINUMERIK MC (All versions < V1.25 SP1), SINUMERIK MC V1.15 (All versions < V1.15 SP5), SINUMERIK ONE (All versions < V6.25 SP1), SINUMERIK ONE V6.15 (All versions < V6.15 SP5). The affected application improperly validates authentication for its VNC access service, allowing access with insufficient password verification. This could allow an attacker to gain unauthorized remote access and potentially compromise system confidentiality, integrity, or availability.

EPSS 0.03% · 6.9th percentile

Risk Scores

CVSS v3.1

8.300000190734863

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

EPSS Score

0.03%

6.9th percentile

Affected Products

Vendor	Product	Versions
Siemens	SINUMERIK ONE V6.15	0
Siemens	SINUMERIK MC	0
Siemens	SINUMERIK ONE	0
Siemens	SINUMERIK 828D PPU.4	0
Siemens	SINUMERIK MC V1.15	0
Siemens	SINUMERIK 828D PPU.5	0
Siemens	SINUMERIK 840D sl	0

Timeline

Aug 12, 2025 EPSS Score
Aug 12, 2025 Coalition ESS Score
Aug 12, 2025 CVE Published
Aug 12, 2025 PoC Published
Aug 12, 2025 PoC Published
Aug 14, 2025 PoC Published
Aug 20, 2025 EPSS Score
Aug 22, 2025 Coalition ESS Score
Aug 26, 2025 Coalition ESS Score
Aug 28, 2025 EPSS Score
Sep 4, 2025 EPSS Score
Sep 12, 2025 EPSS Score

References

Open in Interactive Console →