VDB
ICSA-25-254-03
ICSA-25-254-03
PUBLISHED
CVSS 6.300000190734863 MEDIUM
Siemens SINAMICS G220, SINAMICS S210, and SINAMICS S200 contains a privilege escalation vulnerability that could allow users to escalate their privileges. Siemens has released new versions for the affected products and recommends to update to the latest versions.
Risk Scores
CVSS v3.1
6.300000190734863
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:L
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| SINAMICS S200 V6.4 | ||
| SINAMICS S210 V6.4 | ||
| SINAMICS G220 V6.4 |
Timeline
- Sep 9, 2025 CVE Published
- Mar 12, 2026 CVE Updated
References
- https://cert-portal.siemens.com/productcert/csaf/ssa-027652.json advisory
- https://cert-portal.siemens.com/productcert/html/ssa-027652.html advisory
- https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2025/icsa-25-254-03.json advisory
- https://www.cisa.gov/news-events/ics-advisories/icsa-25-254-03 advisory
- https://www.cisa.gov/news-events/ics-alerts/ics-alert-10-301-01 url
- https://www.cisa.gov/resources-tools/resources/ics-recommended-practices url
- https://www.cisa.gov/topics/industrial-control-systems url
- https://www.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf url
- https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf url
- https://www.cisa.gov/news-events/news/targeted-cyber-intrusion-detection-and-mitigation-strategies-update-b url
- https://support.industry.siemens.com/cs/ww/en/view/109978915/ fix
- https://support.industry.siemens.com/cs/ww/en/view/109983183/ fix
- https://support.industry.siemens.com/cs/ww/en/view/110000221/ fix