Cyber Posture

CVE-2025-40937

Severity: High · Impact: RCE

Published: 09 December 2025
Modified: 10 December 2025
KEV Added: not listed
Patch: V4.0.1 or later (see Siemens advisory)
CVSS Score: 8.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L)
EPSS Score: 0.0007 (21.9th percentile)
Risk Priority: 17 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-40937 is a high-severity Command Injection (CWE-77) vulnerability in Siemens SIMATIC CN 4100 firmware. Its CVSS v3.1 base score is 8.3 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation of Remote Services (T1210). Its EPSS exploit-likelihood score places it at the 21.9th percentile (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation of Remote Services (T1210). What defenders deploy: the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) [AI-generated]

SI-10 Information Input Validation (prevent)

Directly addresses the root cause by requiring validation of REST API input parameters, preventing the mishandling of unexpected arguments that leads to command injection.

SI-2 Flaw Remediation (prevent)

Mandates timely flaw remediation, such as patching SIMATIC CN 4100 to V4.0.1 or later, to eliminate the improper input validation vulnerability.

Least Privilege (prevent)

Enforces least privilege to restrict the scope and impact of arbitrary code execution to only the low-privilege operations the service actually needs.

MITRE ATT&CK Enterprise Techniques [AI-generated]

T1210 Exploitation of Remote Services (Lateral Movement)
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.

Why these techniques?

The vulnerability enables remote arbitrary code execution via command injection (CWE-77) in a network-accessible REST API by low-privilege authenticated attackers, which maps directly to Exploitation of Remote Services.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

A vulnerability has been identified in SIMATIC CN 4100 (All versions < V4.0.1). The affected application does not properly validate input parameters in its REST API, resulting in improper handling of unexpected arguments. This could allow an authenticated attacker to execute arbitrary code with limited privileges.

Deeper analysis [AI-generated]

CVE-2025-40937 affects SIMATIC CN 4100 in all versions prior to V4.0.1. The vulnerability arises from improper validation of input parameters in the application's REST API, which results in mishandling of unexpected arguments. Classified under CWE-77, it carries a CVSS v3.1 base score of 8.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L).

An authenticated attacker with low privileges can exploit this issue remotely over the network with low attack complexity and without requiring user interaction. Exploitation enables execution of arbitrary code under limited privileges, granting high-impact access to confidentiality and integrity while causing low impact to availability.

The Siemens security advisory at https://cert-portal.siemens.com/productcert/html/ssa-416652.html provides mitigation details, including updating affected versions to V4.0.1 or later.

Details

CWE(s)

CWE-77 (Command Injection)

Affected Products

Siemens SIMATIC CN 4100 firmware, ≤ 4.0.1

CVEs Like This One

CVE-2026-21638 (shared CWE-77)
CVE-2025-59470 (shared CWE-77)
CVE-2025-24956 (same vendor: Siemens)
CVE-2026-23715 (same vendor: Siemens)
CVE-2026-23719 (same vendor: Siemens)
CVE-2025-27392 (same vendor: Siemens)
CVE-2026-22923 (same vendor: Siemens)
CVE-2025-57199 (shared CWE-77)
CVE-2026-25605 (same vendor: Siemens)
CVE-2025-66399 (shared CWE-77)

References

Siemens ProductCERT advisory SSA-416652: https://cert-portal.siemens.com/productcert/html/ssa-416652.html