CVE-2025-40759

CWE-502 — Deserialization of Untrusted Data3 documents3 sources

Severity

8.5HIGH

EPSS

0.1%

top 67.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Simatic S7-plcsim V17 Siemens Simatic Step 7 V17 Siemens Simatic Step 7 V18 +30 more

Timeline

PublishedAug 12

Description

A vulnerability has been identified in SIMATIC S7-PLCSIM V17 (All versions), SIMATIC STEP 7 V17 (All versions < V17 Update 9), SIMATIC STEP 7 V18 (All versions), SIMATIC STEP 7 V19 (All versions < V19 Update 4), SIMATIC STEP 7 V20 (All versions < V20 Update 4), SIMATIC WinCC V17 (All versions < V17 Update 9), SIMATIC WinCC V18 (All versions), SIMATIC WinCC V19 (All versions < V19 Update 4), SIMATIC WinCC V20 (All versions < V20 Update 4), SIMOCODE ES V17 (All versions), SIMOCODE ES V18 (All vers…

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages33 packages

▶CVEListV5siemens/sirius_soft_starter_es_v17_(tia_portal)< *

▶CVEListV5siemens/sirius_soft_starter_es_v18_(tia_portal)< *

▶CVEListV5siemens/sirius_soft_starter_es_v19_(tia_portal)< *

▶CVEListV5siemens/sirius_soft_starter_es_v20_(tia_portal)< *

▶CVEListV5siemens/sirius_safety_es_v17_(tia_portal)< *

🔴Vulnerability Details

CVEList

CVE-2025-40759: A vulnerability has been identified in SIMATIC S7-PLCSIM V17 (All versions), SIMATIC STEP 7 V17 (All versions < V17 Update 9), SIMATIC STEP 7 V18 (All↗2025-08-12

▶

GHSA

GHSA-hgv7-qqgv-vj6c: A vulnerability has been identified in SIMATIC S7-PLCSIM V17 (All versions), SIMATIC STEP 7 V17 (All versions), SIMATIC STEP 7 V18 (All versions), SIM↗2025-08-12

▶