ssa-177847
Vulnerability from csaf_siemens
Published
2025-08-12 00:00
Modified
2025-08-12 00:00
Summary
SSA-177847: Improper VNC Password Check Vulnerability in SINUMERIK Controllers
Notes
Summary
Siemens SINUMERIK Controllers are affected by an improper VNC password check vulnerability.
Siemens has released new versions for the affected products and recommends to update to the latest versions.
General Recommendations
As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download:
https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.
Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity
Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use
The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited. (TLPv2: TLP:CLEAR)",
"tlp": {
"label": "WHITE"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Siemens SINUMERIK Controllers are affected by an improper VNC password check vulnerability. \n\nSiemens has released new versions for the affected products and recommends to update to the latest versions.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "productcert@siemens.com",
"name": "Siemens ProductCERT",
"namespace": "https://www.siemens.com"
},
"references": [
{
"category": "self",
"summary": "SSA-177847: Improper VNC Password Check Vulnerability in SINUMERIK Controllers - HTML Version",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-177847.html"
},
{
"category": "self",
"summary": "SSA-177847: Improper VNC Password Check Vulnerability in SINUMERIK Controllers - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-177847.json"
}
],
"title": "SSA-177847: Improper VNC Password Check Vulnerability in SINUMERIK Controllers",
"tracking": {
"current_release_date": "2025-08-12T00:00:00Z",
"generator": {
"engine": {
"name": "Siemens ProductCERT CSAF Generator",
"version": "1"
}
},
"id": "SSA-177847",
"initial_release_date": "2025-08-12T00:00:00Z",
"revision_history": [
{
"date": "2025-08-12T00:00:00Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
}
],
"status": "interim",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "All versions \u003c V4.95 SP5",
"product": {
"name": "SINUMERIK 828D PPU.4",
"product_id": "1"
}
}
],
"category": "product_name",
"name": "SINUMERIK 828D PPU.4"
},
{
"branches": [
{
"category": "product_version_range",
"name": "All versions \u003c V5.25 SP1",
"product": {
"name": "SINUMERIK 828D PPU.5",
"product_id": "2"
}
}
],
"category": "product_name",
"name": "SINUMERIK 828D PPU.5"
},
{
"branches": [
{
"category": "product_version_range",
"name": "All versions \u003c V4.95 SP5",
"product": {
"name": "SINUMERIK 840D sl",
"product_id": "3"
}
}
],
"category": "product_name",
"name": "SINUMERIK 840D sl"
},
{
"branches": [
{
"category": "product_version_range",
"name": "All versions \u003c V1.25 SP1",
"product": {
"name": "SINUMERIK MC",
"product_id": "4"
}
}
],
"category": "product_name",
"name": "SINUMERIK MC"
},
{
"branches": [
{
"category": "product_version_range",
"name": "All versions \u003c V1.15 SP5",
"product": {
"name": "SINUMERIK MC V1.15",
"product_id": "5"
}
}
],
"category": "product_name",
"name": "SINUMERIK MC V1.15"
},
{
"branches": [
{
"category": "product_version_range",
"name": "All versions \u003c V6.25 SP1",
"product": {
"name": "SINUMERIK ONE",
"product_id": "6"
}
}
],
"category": "product_name",
"name": "SINUMERIK ONE"
},
{
"branches": [
{
"category": "product_version_range",
"name": "All versions \u003c V6.15 SP5",
"product": {
"name": "SINUMERIK ONE V6.15",
"product_id": "7"
}
}
],
"category": "product_name",
"name": "SINUMERIK ONE V6.15"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-40743",
"cwe": {
"id": "CWE-288",
"name": "Authentication Bypass Using an Alternate Path or Channel"
},
"notes": [
{
"category": "summary",
"text": "The affected application improperly validates authentication for its VNC access service, allowing access with insufficient password verification.\r\nThis could allow an attacker to gain unauthorized remote access and potentially compromise system confidentiality, integrity, or availability.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Apply Defense-in-Depth",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7"
]
},
{
"category": "mitigation",
"details": "Close VNC port on X130 via HMI setting",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7"
]
},
{
"category": "mitigation",
"details": "Set VNC Password on X120 and X130",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7"
]
},
{
"category": "mitigation",
"details": "Change TCU.ini setting to \"ExternalViewerReqTimeoutMode=0\"",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7"
]
},
{
"category": "vendor_fix",
"details": "Update to V1.15 SP5 or later version\nUpdated software version can be obtained from Siemens customer support or a local partner.",
"product_ids": [
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V1.25 SP1 or later version\nUpdated software version can be obtained from Siemens customer support or a local partner.",
"product_ids": [
"4"
]
},
{
"category": "vendor_fix",
"details": "Update to V4.95 SP5 or later version\nUpdated software version can be obtained from Siemens customer support or a local partner.",
"product_ids": [
"3"
]
},
{
"category": "vendor_fix",
"details": "Update to V4.95 SP5 or later version\nUpdated software version can be obtained from Siemens customer support or a local partner.",
"product_ids": [
"1"
]
},
{
"category": "vendor_fix",
"details": "Update to V5.25 SP1 or later version\nUpdated software version can be obtained from Siemens customer support or a local partner.",
"product_ids": [
"2"
]
},
{
"category": "vendor_fix",
"details": "Update to V6.15 SP5 or later version\nUpdated software version can be obtained from Siemens customer support or a local partner.",
"product_ids": [
"7"
]
},
{
"category": "vendor_fix",
"details": "Update to V6.25 SP1 or later version\nUpdated software version can be obtained from Siemens customer support or a local partner.",
"product_ids": [
"6"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7"
]
}
],
"title": "CVE-2025-40743"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…