CVE-2025-40938Hard-coded Credentials in Siemens Simatic CN 4100

CWE-798Hard-coded Credentials4 documents4 sources
Severity
9.2CRITICALNVD
EPSS
0.1%
top 75.42%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Siemens Simatic CN 4100Siemens Simatic CN 4100 Firmware
Timeline
PublishedDec 9

Description

A vulnerability has been identified in SIMATIC CN 4100 (All versions < V4.0.1). The affected device stores sensitive information in the firmware. This could allow an attacker to access and misuse this information, potentially impacting the device’s confidentiality, integrity, and availability.

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

CVEListV5siemens/simatic_cn_4100< V4.0.1

🔴Vulnerability Details

2
GHSA
GHSA-6wrx-4m6w-9vw2: A vulnerability has been identified in SIMATIC CN 4100 (All versions < V42025-12-09
CVEList
CVE-2025-40938: A vulnerability has been identified in SIMATIC CN 4100 (All versions < V42025-12-09
CVE-2025-40938 — Hard-coded Credentials in Siemens | cvebase