CVE-2025-40805
PUBLISHED
CVSS 10 CRITICAL
Affected devices do not properly enforce user authentication on specific API endpoints. This could allow an unauthenticated remote attacker to circumvent authentication and impersonate a legitimate user. Successful exploitation requires that the attacker has learned the identity of a legitimate user.
Risk Scores
- CVSS 3.1: 10 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
- EPSS Score: 0.09% (25.3th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | SIMATIC HMI MTP1500 Unified Comfort Panel hygienic neutral design | 0 |
| Siemens | Industrial Edge Device Kit - arm64 V1.10 | 0 |
| Siemens | Industrial Edge Device Kit - x86-64 V1.16 | 0 |
| Siemens | SIMATIC HMI MTP2200 Comfort Pro for stand (expandable, flange at the bottom) | 0 |
| Siemens | SIMATIC HMI MTP2200 Comfort Pro neutral design for support arm (not extendable, flange on top) | 0 |
| Siemens | SIMATIC IPC BX-59A Industrial Edge Device | 0 |
| Siemens | SIMATIC HMI MTP1900 Comfort Pro for support arm (expandable, round tube) and extension unit | 0 |
| Siemens | SIMATIC HMI MTP1500 Unified Comfort Panel | 0 |
| Siemens | SIMATIC IPC427E Industrial Edge Device | 0 |
| Siemens | Industrial Edge Device Kit - arm64 V1.12 | 0 |
| Siemens | SIMATIC HMI MTP1900 Unified Comfort Panel hygienic | 0 |
| Siemens | SIMATIC HMI MTP1200 Comfort Pro neutral design for support arm (not extendable, flange on top) | 0 |
| Siemens | SIMATIC HMI MTP2200 Unified Comfort Panel neutral design | 0 |
| Siemens | Industrial Edge Device Kit - arm64 V1.8 | 0 |
| Siemens | Industrial Edge Device Kit - arm64 V1.21 | 0 |
| Siemens | SIMATIC IPC BX-39A Industrial Edge Device | 0 |
| Siemens | Industrial Edge Device Kit - arm64 V1.5 | 0 |
| Siemens | SIMATIC HMI MTP1900 Unified Comfort Panel | 0 |
| Siemens | SIPLUS HMI MTP1200 Unified Comfort | 0 |
| Siemens | Industrial Edge Device Kit - arm64 V1.25 | 0 |
…and 87 more
Exploit Intelligence
- CIRCL seen: CVE-2025-40805 (circl-sighting)
- https://cert-portal.siemens.com/productcert/html/ssa-014678.html (circl)
- https://cert-portal.siemens.com/productcert/html/ssa-001536.html (circl)
Timeline
- Jan 13, 2026 EPSS Score
- Jan 13, 2026 CVE Published
- Jan 13, 2026 PoC Published
- Jan 16, 2026 EPSS Score
- Jan 19, 2026 EPSS Score
- Jan 22, 2026 EPSS Score
- Jan 25, 2026 EPSS Score
- Jan 28, 2026 EPSS Score
- Jan 31, 2026 EPSS Score
- Feb 3, 2026 EPSS Score