Vulnerability Description
A vulnerability has been identified in SINAMICS G220 V6.4 (All versions < V6.4 HF2), SINAMICS S200 V6.4 (All versions < V6.4 HF7), SINAMICS S210 V6.4 (All versions < V6.4 HF2). The affected devices allow a factory reset to be executed without the required privileges due to improper privilege management as well as manipulation of configuration data because of leaked privileges of previous sessions. This could allow an unauthorized attacker to escalate their privileges.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | Sinamics G220 Firmware | 6.4 |
| Siemens | Sinamics G220 | - |
| Siemens | Sinamics S200 Firmware | 6.4 |
| Siemens | Sinamics S200 | - |
| Siemens | Sinamics S210 Firmware | 6.4 |
| Siemens | Sinamics S210 | - |
Related Weaknesses (CWE)
References
FAQ
What is CVE-2025-40594?
CVE-2025-40594 is a vulnerability with a CVSS score of 6.3 (MEDIUM). A vulnerability has been identified in SINAMICS G220 V6.4 (All versions < V6.4 HF2), SINAMICS S200 V6.4 (All versions < V6.4 HF7), SINAMICS S210 V6.4 (All versions < V6.4 HF2). The affected devices al...
How severe is CVE-2025-40594?
CVE-2025-40594 has been rated MEDIUM with a CVSS base score of 6.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-40594?
Check the references section above for vendor advisories and patch information. Affected products include: Siemens Sinamics G220 Firmware, Siemens Sinamics G220, Siemens Sinamics S200 Firmware, Siemens Sinamics S200, Siemens Sinamics S210 Firmware.