Cyber Resilience

CVE-2025-40943

Critical · RCE

Published: 10 March 2026

Modified: 19 March 2026
CVSS v4 Score: 9.4 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0046 (36.3th percentile)
Risk Priority: 70 (floored blend · peak EPSS)

Summary

CVE-2025-40943 is a critical-severity Eval Injection (CWE-95) vulnerability in Siemens devices (vendor inferred from references). Its CVSS v4 base score is 9.4 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Malicious File (T1204.002). The CVE ranks at the 36.3th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).

Deeper analysis

CVE-2025-40943 is a code injection vulnerability (CWE-95) affecting certain devices that fail to properly sanitize the contents of trace files. Published on 2026-03-10, it carries a CVSS v3.1 base score of 9.6 (AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). The issue arises in components supporting the import of trace files for diagnostic purposes, where insufficient input validation allows embedded malicious code to persist.

An attacker can exploit this vulnerability remotely over the network with low complexity by social engineering an authorized user possessing the "Read diagnostics" function right into importing a specially crafted trace file. Once imported, the malicious content executes arbitrary code within the victim's browser session due to inadequate sanitization. This enables the attacker to perform PLC operations through the webserver, leveraging the legitimate user's authorization privileges, resulting in high confidentiality, integrity, and availability impacts with changed scope.

Siemens Security Advisory SSA-452276 addresses this vulnerability; practitioners should consult https://cert-portal.siemens.com/productcert/html/ssa-452276.html for detailed mitigation guidance and available patches.

Vulnerability details

Affected devices do not properly sanitize contents of trace files. This could allow an attacker to inject code through social engineering an authorized user, who has the function right "Read diagnostics", to import a specially crafted trace file. The malicious trace file is insufficiently sanitized and malicious code could be executed in the client's browser session and trigger PLC operations via the webserver that the legitimate user is authorized to perform.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1204.002 Malicious File · Execution
An adversary may rely upon a user opening a malicious file in order to gain execution.

T1059.007 JavaScript · Execution
Adversaries may abuse various implementations of JavaScript for execution.

Why these techniques?

Vulnerability enables execution of attacker-controlled code via import of a malicious trace file (T1204.002) that runs as JavaScript in the victim's browser (T1059.007).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-31254 (shared CWE-95)
CVE-2026-44128 (shared CWE-95)
CVE-2026-33618 (shared CWE-95)
CVE-2013-10051 (shared CWE-95)
CVE-2025-8420 (shared CWE-95)
CVE-2026-35002 (shared CWE-95)
CVE-2026-29091 (shared CWE-95)
CVE-2026-48962 (shared CWE-95)
CVE-2026-4001 (shared CWE-95)
CVE-2024-10633 (shared CWE-95)

Affected Assets

Siemens
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

prevent

Directly enforces validation and sanitization of imported trace file contents to prevent code injection vulnerabilities like CWE-95.

prevent

Filters trace file contents when output to the client's browser session to block execution of embedded malicious code.

prevent

Remediates the specific trace file sanitization flaw through timely application of vendor patches as detailed in Siemens Security Advisory SSA-452276.
