CVE-2025-40771
Published: 14 October 2025
Summary
CVE-2025-40771 is a critical-severity Missing Authentication for Critical Function (CWE-306) vulnerability. Its CVSS base score is 9.3 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 31.4th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and AC-17 (Remote Access).
Deeper analysis
CVE-2025-40771 is a missing authentication vulnerability (CWE-306) affecting multiple Siemens industrial communication processors, each in all versions prior to V2.4.24:
- SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0)
- SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0)
- SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0)
- SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0)
- SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0)
- SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0)
These devices fail to properly authenticate configuration connections. The flaw carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and was published on 2025-10-14.
An unauthenticated remote attacker with network access to an affected device can exploit this flaw without privileges or user interaction. Successful exploitation grants access to configuration data, potentially enabling high-impact confidentiality, integrity, and availability violations as indicated by the CVSS vector.
Siemens has issued Security Advisory SSA-486936, available at https://cert-portal.siemens.com/productcert/html/ssa-486936.html, which provides detailed mitigation guidance, including patching to version V2.4.24 or later. Security practitioners should consult this advisory for implementation specifics.
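As an added example that is not part of this record or of the Siemens advisory, the script below checks a device inventory against the affected article numbers and the fixed version V2.4.24 given above; the inventory records and host names are constructed sample data, and the version comparison is numeric so that V2.4.9 is correctly ranked below V2.4.24.

```python
# Added example: match an inventory against the CVE-2025-40771 affected-product
# list. Article numbers (MLFB) and the fixed version come from the advisory text;
# the inventory below is constructed sample data.
import re

# Every product named in the advisory is affected in all versions below V2.4.24.
AFFECTED_MLFB = {
    "6GK7542-6UX00-0XE0": "SIMATIC CP 1542SP-1",
    "6GK7542-6VX00-0XE0": "SIMATIC CP 1542SP-1 IRC",
    "6GK7543-6WX00-0XE0": "SIMATIC CP 1543SP-1",
    "6AG2542-6VX00-4XE0": "SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL",
    "6AG1543-6WX00-7XE0": "SIPLUS ET 200SP CP 1543SP-1 ISEC",
    "6AG2543-6WX00-4XE0": "SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL",
}
FIXED_VERSION = "V2.4.24"


def parse_version(text):
    """Turn 'V2.4.24' (or '2.4.24') into a tuple of ints.

    A plain string comparison would wrongly rank 'V2.4.9' above 'V2.4.24';
    comparing integer tuples gives the intended ordering."""
    m = re.fullmatch(r"[Vv]?(\d+(?:\.\d+)*)", text.strip())
    if not m:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def is_affected(mlfb, firmware):
    """True when the article number is on the advisory list and the firmware
    is older than the fixed release."""
    if mlfb not in AFFECTED_MLFB:
        return False
    return parse_version(firmware) < parse_version(FIXED_VERSION)


def find_affected(inventory):
    """Return (host, mlfb, firmware) for every vulnerable inventory record."""
    return [(host, mlfb, fw) for host, mlfb, fw in inventory if is_affected(mlfb, fw)]


# Constructed sample inventory: (host name, article number, firmware version).
SAMPLE_INVENTORY = [
    ("cp-line1", "6GK7542-6UX00-0XE0", "V2.4.9"),   # older than the fix: affected
    ("cp-line2", "6GK7543-6WX00-0XE0", "V2.4.24"),  # at the fixed version: not affected
    ("cp-rail3", "6AG2543-6WX00-4XE0", "V2.3.1"),   # older than the fix: affected
    ("cp-other", "6GK7000-0XX00-0XX0", "V1.0.0"),   # placeholder MLFB, not on the list
]

if __name__ == "__main__":
    for host, mlfb, fw in find_affected(SAMPLE_INVENTORY):
        print(f"{host}: {AFFECTED_MLFB[mlfb]} ({mlfb}) firmware {fw} < {FIXED_VERSION}")
```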
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-34160
Vulnerability details
A vulnerability has been identified in SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) (All versions < V2.4.24), SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0) (All versions < V2.4.24), SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) (All versions < V2.4.24), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0) (All versions < V2.4.24), SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0) (All versions < V2.4.24), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0) (All versions < V2.4.24). Affected devices do not properly authenticate configuration connections. This could allow an unauthenticated remote attacker to access the configuration data.
- CWE(s): CWE-306 (Missing Authentication for Critical Function)
Related Threats
MITRE ATT&CK Enterprise Techniques
- Exploit Public-Facing Application (T1190)
Why these techniques?
The vulnerability allows unauthenticated remote exploitation of network-accessible Siemens industrial communication processors, directly mapping to exploitation of public-facing applications for initial access.
Mitigating Controls (NIST 800-53 r5)
- AC-14 (Permitted Actions Without Identification or Authentication): directly mitigates unauthenticated configuration access by identifying, limiting, and monitoring the actions permitted without identification or authentication.
- AC-3 (Access Enforcement), inferred from the description: enforces approved authorizations, including authentication, for access to configuration data and resources, countering the missing authentication flaw.
- AC-17 (Remote Access): authorizes, manages, and monitors remote access connections, preventing unauthenticated remote attackers from reaching configuration interfaces.