CVE-2025-40771
Published: 2025-10-14
Priority: P266, critical, 9.8 (CVSS 3.1)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.48% (38.1th percentile)
A vulnerability has been identified in SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) (All versions < V2.4.24), SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0) (All versions < V2.4.24), SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) (All versions < V2.4.24), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0) (All versions < V2.4.24), SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0) (All versions < V2.4.24), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0) (All versions < V2.4.24). Affected devices do not properly authenticate configuration connections. This could allow an unauthenticated remote attacker to access the configuration data.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| siemens | simatic_cp_1542sp-1 | < V2.4.24 | V2.4.24 |
| siemens | simatic_cp_1542sp-1_irc | < V2.4.24 | V2.4.24 |
| siemens | simatic_cp_1543sp-1 | < V2.4.24 | V2.4.24 |
| siemens | siplus_et_200sp_cp_1542sp-1_irc_tx_rail | < V2.4.24 | V2.4.24 |
| siemens | siplus_et_200sp_cp_1543sp-1_isec | < V2.4.24 | V2.4.24 |
| siemens | siplus_et_200sp_cp_1543sp-1_isec_tx_rail | < V2.4.24 | V2.4.24 |
Detection & IOCs (extracted from sources)
- Detect unauthenticated remote connections to configuration interfaces on affected Siemens SIMATIC ET 200SP CP devices (CP 1542SP-1, CP 1542SP-1 IRC, CP 1543SP-1 and SIPLUS variants) running firmware versions below V2.4.24; missing authentication for configuration connections (CWE-306) is the exploitable condition.
- Monitor for network-originated configuration sessions to these devices that lack any authentication handshake; the vulnerability is network-reachable with no privileges or user interaction required (CVSS:3.1/AV:N/AC:L/PR:N/UI:N).
- Alert on any inbound configuration-protocol traffic to affected devices from untrusted or non-whitelisted IP addresses; the recommended workaround is to restrict access to trusted IPs only.
- No known public exploitation has been reported at time of advisory publication; threat remains theoretical but critical (CVSS v4 9.3 / CVSS v3.1 9.8).
- All firmware versions below V2.4.24 are affected across all six listed product variants; detection scope must cover all part numbers: 6GK7542-6UX00-0XE0, 6GK7542-6VX00-0XE0, 6GK7543-6WX00-0XE0, 6AG2542-6VX00-4XE0, 6AG1543-6WX00-7XE0, 6AG2543-6WX00-4XE0.
CVSS provenance
- nvd, v3.1: 9.8 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- nvd, v4.0: 9.3 CRITICAL, CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CISA ICS
Siemens SIMATIC ET 200SP Communication Processors
cisa_ics · 2025-10-16 · CVSS 9.8
[CRITICAL] Siemens SIMATIC ET 200SP Communication Processors
ICS Advisory
## Siemens SIMATIC ET 200SP Communication Processors
Release Date: October 16, 2025
Alert Code: ICSA-25-289-07
Related topics: Industrial Control System Vulnerabilities, Industrial Control Systems
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
## 1. EXECUTIVE SUMMARY
- CVSS v4 9.3
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: SIMATIC ET 200SP
- Vulnerability: Missing Authentication for Critical Function
## 2. RISK EVALUATION
Succe
GHSA
GHSA-8x4j-8hhc-j8jf: A vulnerability has been identified in SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) (All versions < V2
ghsa_unreviewed · 2025-10-14
CVE-2025-40771 [CRITICAL] CWE-306 GHSA-8x4j-8hhc-j8jf: A vulnerability has been identified in SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) (All versions < V2
A vulnerability has been identified in SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) (All versions < V2.4.24), SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0) (All versions < V2.4.24), SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) (All versions < V2.4.24), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0) (All versions < V2.4.24), SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0) (All versions < V2.4.24), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0) (All versions < V2.4.24). Affected devices do not properly authenticate configuration connections. This could allow an unauthenticated remote attacker to access the configuration data.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.