CVE-2025-40743: Authentication Bypass Using an Alternate Path or Channel in Siemens Sinumerik 828d Ppu.4

Severity: 8.7 HIGH (NVD)
EPSS: 0.0% (top 92.94%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Aug 12

Description

A vulnerability has been identified in SINUMERIK 828D PPU.4 (All versions < V4.95 SP5), SINUMERIK 828D PPU.5 (All versions < V5.25 SP1), SINUMERIK 840D sl (All versions < V4.95 SP5), SINUMERIK MC (All versions < V1.25 SP1), SINUMERIK MC V1.15 (All versions < V1.15 SP5), SINUMERIK ONE (All versions < V6.25 SP1), SINUMERIK ONE V6.15 (All versions < V6.15 SP5). The affected application improperly validates authentication for its VNC access service, allowing access with insufficient password verific

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N

Affected Packages (7 packages)

CVEListV5  siemens/sinumerik_828d_ppu.4  < V4.95 SP5
CVEListV5  siemens/sinumerik_828d_ppu.5  < V5.25 SP1
CVEListV5  siemens/sinumerik_840d_sl  < V4.95 SP5
CVEListV5  siemens/sinumerik_mc  < V1.25 SP1
CVEListV5  siemens/sinumerik_one  < V6.25 SP1

Vulnerability Details (2)

GHSA
GHSA-mr3f-gmg7-3h9c: A vulnerability has been identified in SINUMERIK 828D PPU (2025-08-12)
CVEList
CVE-2025-40743: A vulnerability has been identified in SINUMERIK 828D PPU (2025-08-12)
CVE-2025-40743 — Siemens vulnerability | cvebase