CVE-2025-40771 — Missing Authentication for Critical Function in Siemens Simatic CP 1542sp-1

CWE-306 — Missing Authentication for Critical Function3 documents3 sources

Severity

9.3CRITICALNVD

EPSS

0.1%

top 69.64%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Simatic CP 1542sp-1 Siemens Simatic CP 1542sp-1 IRC Siemens Simatic CP 1543sp-1 +3 more

Timeline

PublishedOct 14

Description

A vulnerability has been identified in SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) (All versions < V2.4.24), SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0) (All versions < V2.4.24), SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) (All versions < V2.4.24), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0) (All versions < V2.4.24), SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0) (All versions < V2.4.24), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0) (All versions < V2.4.24). A…

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages6 packages

▶CVEListV5siemens/siplus_et_200sp_cp_1543sp-1_isec_tx_rail< V2.4.24

▶CVEListV5siemens/siplus_et_200sp_cp_1543sp-1_isec< V2.4.24

▶CVEListV5siemens/siplus_et_200sp_cp_1542sp-1_irc_tx_rail< V2.4.24

▶CVEListV5siemens/simatic_cp_1542sp-1< V2.4.24

▶CVEListV5siemens/simatic_cp_1543sp-1< V2.4.24

🔴Vulnerability Details

CVEList

CVE-2025-40771: A vulnerability has been identified in SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) (All versions < V2↗2025-10-14

▶

GHSA

GHSA-8x4j-8hhc-j8jf: A vulnerability has been identified in SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) (All versions < V2↗2025-10-14

▶