CVE-2025-23403 — Incorrect Permission Assignment in Siemens Simatic IPC Diagbase

CWE-732 — Incorrect Permission Assignment3 documents3 sources

Severity

7.3HIGHNVD

EPSS

0.0%

top 99.45%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Simatic IPC Diagbase Siemens Simatic IPC Diagmonitor

Timeline

PublishedFeb 11

Description

A vulnerability has been identified in SIMATIC IPC DiagBase (All versions), SIMATIC IPC DiagMonitor (All versions). The affected device do not properly restrict the user permission for the registry key. This could allow an authenticated attacker to load vulnerable drivers into the system leading to privilege escalation or bypassing endpoint protection and other security measures.

CVSS vector

CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

▶CVEListV5siemens/simatic_ipc_diagbase< *

▶CVEListV5siemens/simatic_ipc_diagmonitor< *

🔴Vulnerability Details

GHSA

GHSA-pggr-mph7-ch3v: A vulnerability has been identified in SIMATIC IPC DiagBase (All versions), SIMATIC IPC DiagMonitor (All versions)↗2025-02-11

▶

CVEList

CVE-2025-23403: A vulnerability has been identified in SIMATIC IPC DiagBase (All versions), SIMATIC IPC DiagMonitor (All versions)↗2025-02-11

▶