CVE-2025-40594
Published: 2025-09-09

Priority: P2 · 63 · Critical 9.8 (CVSS 3.1)

EPSS: 0.20% (10.1th percentile)
A vulnerability has been identified in SINAMICS G220 V6.4 (All versions < V6.4 HF2), SINAMICS S200 V6.4 (All versions < V6.4 HF7), SINAMICS S210 V6.4 (All versions < V6.4 HF2). The affected devices allow a factory reset to be executed without the required privileges due to improper privilege management as well as manipulation of configuration data because of leaked privileges of previous sessions. This could allow an unauthorized attacker to escalate their privileges.
Affected (6 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| siemens | sinamics_g220_firmware | — | — |
| siemens | sinamics_g220_v6.4 | < V6.4 HF2 | V6.4 HF2 |
| siemens | sinamics_s200_firmware | — | — |
| siemens | sinamics_s200_v6.4 | < V6.4 HF7 | V6.4 HF7 |
| siemens | sinamics_s210_firmware | — | — |
| siemens | sinamics_s210_v6.4 | < V6.4 HF2 | V6.4 HF2 |
Detection & IOCs (extracted from sources)
- The vulnerability allows factory reset execution without required privileges due to improper privilege management and leaked privileges from previous sessions: monitor for unauthorized factory reset commands issued to SINAMICS devices on local network segments.
- Attack vector is local network (AV:L) with no required privileges (PR:N) and user interaction (UI:R/UI:A), high attack complexity, and requires specific conditions (AT:P): focus detection on anomalous session privilege escalation events on SINAMICS G220, S200, and S210 V6.4 devices.
- Exploitation is not remotely possible and requires local network access: restrict and monitor local network access to SINAMICS drives, particularly any configuration data modification or factory reset operations.
- SINAMICS S200 V6.4 currently has no fix available; all versions remain vulnerable.
- Privilege leakage stems from previous sessions; session management and privilege isolation between sessions is a key architectural weakness to account for in detection logic.
CVSS provenance
- NVD, CVSS v3.1: 9.8 CRITICAL (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
- NVD, CVSS v4.0: 6.9 MEDIUM (CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:A/VC:N/VI:H/VA:L/SC:N/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
GHSA
GHSA-jg6x-p73x-m4hc (ghsa_unreviewed · 2025-09-09 · MEDIUM · CWE-269)
A vulnerability has been identified in SINAMICS G220 V6.4 (All versions < V6.4 HF2), SINAMICS S200 V6.4 (All versions), SINAMICS S210 V6.4 (All versions < V6.4 HF2). The affected devices allow a factory reset to be executed without the required privileges due to improper privilege management as well as manipulation of configuration data because of leaked privileges of previous sessions. This could allow an unauthorized attacker to escalate their privileges.
CISA ICS
Siemens SINAMICS Drives (cisa_ics · 2025-09-11 · CVSS 6.3 · MEDIUM)
ICS Advisory
Release Date: September 11, 2025
Alert Code: ICSA-25-254-03
Related topics: Industrial Control System Vulnerabilities, Industrial Control Systems
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
## 1. EXECUTIVE SUMMARY
- CVSS v4 6.9
- ATTENTION: Exploitable from a local network
- Vendor: Siemens
- Equipment: SINAMICS Drives
- Vulnerability: Improper Privilege Management
## 2. RISK EVALUATION
Successful exploitation of this vulnerability could all
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2025-09-09