SSA-222768 — Vulnetix

SSA-222768 PUBLISHED CVSS 7.5 HIGH

SIRIUS 3SK2 Safety Relays and 3RK3 Modular Safety Systems only provide weak password obfuscation. An attacker with access to the PROFINET or serial interface of the device could eavesdrop or read the stored password from the device and de-obfuscate it. The safety passwords work as protection against unauthorized operation (i.e., protection against inadvertent operating errors) but not as protection against malicious access attempts. Siemens is preparing fix versions and recommends countermeasures for products where fixes are not, or not yet available.

Risk Scores

CVSS 3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products

Vendor	Product	Versions
	SIRIUS 3RK3 Modular Safety System (MSS)
	SIRIUS Safety Relays 3SK2

Exploit Intelligence

https://cert-portal.siemens.com/productcert/html/ssa-222768.html (circl)
https://cert-portal.siemens.com/productcert/csaf/ssa-222768.json (circl)

Timeline

May 13, 2025 CVE Published

References

https://cert-portal.siemens.com/productcert/html/ssa-222768.html advisory
https://cert-portal.siemens.com/productcert/csaf/ssa-222768.json advisory

Open in Interactive Console →