CVE-2025-40594 · CRITICAL 9.8 · EPSS p10.0%


Description

A vulnerability has been identified in SINAMICS G220 V6.4 (All versions < V6.4 HF2), SINAMICS S200 V6.4 (All versions < V6.4 HF7), SINAMICS S210 V6.4 (All versions < V6.4 HF2). The affected devices allow a factory reset to be executed without the required privileges due to improper privilege management as well as manipulation of configuration data because of leaked privileges of previous sessions. This could allow an unauthorized attacker to escalate their privileges.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.20% probability of exploitation · percentile 10.0% · 2026-06-18T12:00:27Z
Published: 2025-09-09
Last modified: 2026-03-10

Underlying weaknesses · 1

CWE-269

References

  1. https://cert-portal.siemens.com/productcert/html/ssa-027652.html


Type | Target | Confidence | Tier
Weakness | Improper Privilege Management (cwe-269) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE: CVE-2025-40771
CVE: CVE-2025-40944
CVE: CVE-2025-40938
CVE: CVE-2026-25654
CVE: CVE-2025-40736
CVE: CVE-2025-27396

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.