CVE-2025-40743HIGH 8.3EPSS p13.3%

CVE-2025-40743CVE-2025-40743

Description

A vulnerability has been identified in SINUMERIK 828D PPU.4 (All versions < V4.95 SP5), SINUMERIK 828D PPU.5 (All versions < V5.25 SP1), SINUMERIK 840D sl (All versions < V4.95 SP5), SINUMERIK MC (All versions < V1.25 SP1), SINUMERIK MC V1.15 (All versions < V1.15 SP5), SINUMERIK ONE (All versions < V6.25 SP1), SINUMERIK ONE V6.15 (All versions < V6.15 SP5). The affected application improperly validates authentication for its VNC access service, allowing access with insufficient password verification. This could allow an attacker to gain unauthorized remote access and potentially compromise system confidentiality, integrity, or availability.

Scoring

CVSS 3.18.3 (HIGH)
VectorCVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
EPSS0.23% probability of exploitation · percentile 13.3% · 2026-06-18T12:00:27Z
Published2025-08-12
Last modified2026-04-15

Underlying weaknesses· 1

CWE-288

References

  1. https://cert-portal.siemens.com/productcert/html/ssa-177847.html

1

TypeTargetConfidenceTier
WeaknessAuthentication Bypass Using an Alternate Path or Channelcwe-2880%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-40808
CVE
CVE-2025-40771
CVE
CVE-2025-40804
CVE
CVE-2025-40938
CVE
CVE-2025-40937
CVE
CVE-2021-25660
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.