Cyber Resilience

CVE-2025-40771

Critical

Published: 14 October 2025

Modified: 15 April 2026
CVSS v4.0 score: 9.3 (vector CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)
EPSS score: 0.0013 (31.4th percentile)
Risk priority: 19 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-40771 is a critical-severity Missing Authentication for Critical Function (CWE-306) vulnerability. Its CVSS base score is 9.3 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 31.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and AC-17 (Remote Access).

Deeper analysis

CVE-2025-40771 is a missing authentication vulnerability (CWE-306) affecting multiple Siemens industrial communication processors, including SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0, all versions prior to V2.4.24), SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0, all versions prior to V2.4.24), SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0, all versions prior to V2.4.24), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0, all versions prior to V2.4.24), SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0, all versions prior to V2.4.24), and SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0, all versions prior to V2.4.24). These devices fail to properly authenticate configuration connections, earning a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). The vulnerability was published on 2025-10-14.

An unauthenticated remote attacker with network access to an affected device can exploit this flaw without privileges or user interaction. Successful exploitation grants access to configuration data, potentially enabling high-impact confidentiality, integrity, and availability violations as indicated by the CVSS vector.

Siemens has issued Security Advisory SSA-486936, available at https://cert-portal.siemens.com/productcert/html/ssa-486936.html, which provides detailed mitigation guidance, including patching to version V2.4.24 or later. Security practitioners should consult this advisory for implementation specifics.

Vulnerability details

A vulnerability has been identified in SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) (All versions < V2.4.24), SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0) (All versions < V2.4.24), SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) (All versions < V2.4.24), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0) (All versions < V2.4.24), SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0) (All versions < V2.4.24), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0) (All versions < V2.4.24). Affected devices do not properly authenticate configuration connections. This could allow an unauthenticated remote attacker to access the configuration data.

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The vulnerability allows unauthenticated remote exploitation of network-accessible Siemens industrial communication processors, directly mapping to exploitation of public-facing applications for initial access.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-21515 (shared CWE-306)
CVE-2025-57432 (shared CWE-306)
CVE-2026-27446 (shared CWE-306)
CVE-2026-21446 (shared CWE-306)
CVE-2021-47891 (shared CWE-306)
CVE-2025-41715 (shared CWE-306)
CVE-2026-24790 (shared CWE-306)
CVE-2025-21524 (shared CWE-306)
CVE-2025-53072 (shared CWE-306)
CVE-2026-1023 (shared CWE-306)

Affected Assets

All (inferred from references and description; NVD did not file a CPE for this CVE)

Mitigating Controls (NIST 800-53 r5)

AC-14 (Permitted Actions Without Identification or Authentication), prevent and detect: Directly mitigates unauthenticated configuration access by identifying, limiting, and monitoring permitted actions without identification or authentication.

Prevent: Enforces approved authorizations, including authentication, for access to configuration data and resources, countering the missing authentication flaw.

AC-17 (Remote Access), prevent and detect: Authorizes, manages, and monitors remote access connections, preventing unauthenticated remote attackers from exploiting configuration interfaces.
