CVE-2025-40943
PUBLISHED
CVSS 9.6 CRITICAL
A vulnerability has been identified in SICAM SIAPP SDK (All versions < V2.1.7). An out-of-bounds write vulnerability exists in SICAM SIAPP SDK. This could allow an attacker to write data beyond the intended buffer, potentially leading to denial of service, or arbitrary code execution.
EPSS 0.06% · 17.9th percentile
Risk Scores
CVSS 3.1
9.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
EPSS Score
0.06%
17.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | SIMATIC S7-1500 CPU 1516-3 PN/DP | 0, 0, 0 |
| Siemens | SIMATIC S7-1500 CPU 1511C-1 PN | 0, 0, 0 |
| Siemens | SIMATIC S7-1500 Software Controller Linux V3 | 0, 0, 0 |
| Siemens | SIPLUS ET 200SP CPU 1512SP-1 PN RAIL | 0, 0, 0 |
| Siemens | SIPLUS S7-1500 CPU 1518-4 PN/DP MFP | 0, 0, 0 |
| Siemens | SIMATIC S7-1500 CPU 1511TF-1 PN | 0, 0, 0 |
| Siemens | SIMATIC S7-1500 CPU 1516T-3 PN/DP | 0, 0, 0 |
| Siemens | SIMATIC S7-1500 Software Controller CPU 1508S V2 | 0, 0, 0 |
| Siemens | SIMATIC S7-1500 CPU 1513-1 PN | 0, 0, 0 |
| Siemens | SIMATIC S7-1500 CPU 1515TF-2 PN | 0, 0, 0 |
| Siemens | SIMATIC S7-1500 CPU 1517F-3 PN/DP | 0, 0, 0 |
| Siemens | SIMATIC S7-1500 CPU 1517TF-3 PN/DP | 0, 0, 0 |
| Siemens | SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V3 CPUs - Industrial OS | 0, 0, 0 |
| Siemens | SIPLUS ET 200SP CPU 1512SP-1 PN | 0, 0, 0 |
| Siemens | SIMATIC S7-1500 Software Controller CPU 1507S V2 | 0, 0, 0 |
| Siemens | SIMATIC S7-1500 Software Controller CPU 1508S F V4 | 0, 0, 0 |
| Siemens | SIMATIC ET 200SP CPU 1510SP-1 PN | 0, 0, 0 |
| Siemens | SIMATIC S7-1500 CPU 1513F-1 PN | 0, 0, 0 |
| Siemens | SIMATIC S7-1500 CPU 1517T-3 PN/DP | 0, 0, 0 |
| Siemens | SIMATIC S7-1500 CPU S7-1518-4 PN/DP ODK | 0, 0, 0 |
…and 86 more
Exploit Intelligence
- https://cert-portal.siemens.com/productcert/html/ssa-903736.html (circl)
- CIRCL seen: CVE-2025-40943 (circl-sighting)
- https://cert-portal.siemens.com/productcert/html/ssa-452276.html (circl)
- CIRCL seen: CVE-2026-25569 (circl-sighting)
Timeline
- Mar 10, 2026 CVE Published
- Mar 10, 2026 PoC Published
- Mar 10, 2026 PoC Published
- Mar 11, 2026 EPSS Score
- Mar 12, 2026 EPSS Score
- Mar 12, 2026 PoC Published
- Mar 13, 2026 EPSS Score
- Mar 14, 2026 EPSS Score
- Mar 15, 2026 EPSS Score
- Mar 16, 2026 EPSS Score
- Mar 17, 2026 EPSS Score
- Mar 17, 2026 Security Advisory