CVE-2025-40943
Published: 10 March 2026
Summary
CVE-2025-40943 is a critical-severity Eval Injection (CWE-95) vulnerability in Siemens products (vendor inferred from references). Its CVSS base score is 9.4 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Malicious File (T1204.002). The CVE is ranked at the 36.3rd percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).
Deeper analysis
CVE-2025-40943 is a code injection vulnerability (CWE-95) affecting certain devices that fail to properly sanitize the contents of trace files. Published on 2026-03-10, it carries a CVSS v3.1 base score of 9.6 (AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). The issue arises in components that import trace files for diagnostic purposes: insufficient input validation lets malicious code embedded in a trace file survive the import and reach the client.
An attacker can exploit this vulnerability remotely over the network with low complexity by social engineering an authorized user possessing the "Read diagnostics" function right into importing a specially crafted trace file. Once imported, the malicious content executes arbitrary code within the victim's browser session due to inadequate sanitization. This enables the attacker to perform PLC operations through the webserver, leveraging the legitimate user's authorization privileges, resulting in high confidentiality, integrity, and availability impacts with changed scope.
Siemens Security Advisory SSA-452276 addresses this vulnerability; practitioners should consult https://cert-portal.siemens.com/productcert/html/ssa-452276.html for detailed mitigation guidance and available patches.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-208482
Vulnerability details
Affected devices do not properly sanitize contents of trace files. This could allow an attacker to inject code through social engineering an authorized user, who has the function right "Read diagnostics", to import a specially crafted trace file. The malicious trace file is insufficiently sanitized and malicious code could be executed in the client's browser session and trigger PLC operations via the webserver that the legitimate user is authorized to perform.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Vulnerability enables execution of attacker-controlled code via import of a malicious trace file (T1204.002) that runs as JavaScript in the victim's browser (T1059.007).
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): directly enforces validation and sanitization of imported trace file contents to prevent code injection vulnerabilities like CWE-95.
- SI-15 (Information Output Filtering): filters trace file contents when output to the client's browser session to block execution of embedded malicious code.
- Vendor patching: remediates the specific trace file sanitization flaw through timely application of vendor patches as detailed in Siemens Security Advisory SSA-452276.
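The two controls above, SI-10 on import and SI-15 on output, are shown together in the following added example. This is illustrative code written for this page, not Siemens code, and it does not reflect the real trace file format of the affected devices (which the page does not describe). It assumes a hypothetical plain-text trace format of one event per line, `<ISO-8601 timestamp> <LEVEL> <message>`, validates each line against that grammar on import, and then HTML-escapes every field before the diagnostic view is built, so that markup smuggled into a message field is displayed as text instead of being executed in the user's browser session. The sample trace lines are constructed for the example.

```javascript
// Added example (not Siemens code): defensive handling of an imported diagnostic trace file.
// Assumed (hypothetical) trace format: one event per line, "<ISO-8601 timestamp> <LEVEL> <message>".
// The real trace file format of the affected devices is not documented on this page.

const TRACE_LINE = /^(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(?:\.\d+)?Z?) (TRACE|DEBUG|INFO|WARN|ERROR) (.*)$/;
const MAX_LINES = 10000;      // resource limit: refuse absurdly large imports
const MAX_LINE_LEN = 2048;    // resource limit per line
// Control characters other than tab; newlines are consumed by the line split.
const CONTROL_CHARS = /[\u0000-\u0008\u000B\u000C\u000E-\u001F\u007F]/;

// SI-10 (input validation): accept only lines that match the expected grammar.
// Returns { ok, events, errors }; events only contains well-formed lines.
function validateTrace(text) {
  const errors = [];
  const events = [];
  if (typeof text !== 'string') {
    return { ok: false, events, errors: ['trace content is not text'] };
  }
  const lines = text.split(/\r?\n/).filter((l) => l.length > 0);
  if (lines.length > MAX_LINES) errors.push(`too many lines (${lines.length})`);
  lines.slice(0, MAX_LINES).forEach((line, i) => {
    if (line.length > MAX_LINE_LEN) { errors.push(`line ${i + 1}: too long`); return; }
    if (CONTROL_CHARS.test(line)) { errors.push(`line ${i + 1}: control characters`); return; }
    const m = TRACE_LINE.exec(line);
    if (!m) { errors.push(`line ${i + 1}: does not match trace format`); return; }
    events.push({ ts: m[1], level: m[2], msg: m[3] });
  });
  return { ok: errors.length === 0, events, errors };
}

// SI-15 (output filtering): neutralize the five characters that carry meaning in HTML.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// The pattern the CVE describes: raw trace text becomes markup in the client's session.
// Kept only as the "before" for comparison; never use this.
function renderTraceUnsafe(text) {
  return `<pre class="trace">${text}</pre>`;
}

// Hardened renderer: only validated, structured events are rendered, every field escaped.
// Validation alone is not enough: the message field legitimately allows arbitrary text,
// so escaping on output is what actually stops embedded markup from executing.
function renderTrace(text) {
  const { ok, events, errors } = validateTrace(text);
  if (!ok) {
    return `<p class="error">Trace file rejected: ${escapeHtml(errors.join('; '))}</p>`;
  }
  const rows = events.map(
    (e) => `<tr><td>${escapeHtml(e.ts)}</td><td>${escapeHtml(e.level)}</td><td>${escapeHtml(e.msg)}</td></tr>`
  );
  return `<table class="trace">${rows.join('')}</table>`;
}

// Constructed sample input: one benign event and one event whose message carries markup.
const SAMPLE_TRACE = [
  '2026-03-10T09:00:00Z INFO PLC connection established',
  '2026-03-10T09:00:01Z ERROR <script>alert(1)</script>',
].join('\n');

console.log('unsafe  :', renderTraceUnsafe(SAMPLE_TRACE));
console.log('hardened:', renderTrace(SAMPLE_TRACE));
```

In a real browser component the hardened path would build DOM nodes and assign fields with `textContent` rather than concatenating an HTML string, and a Content Security Policy that forbids inline script gives a further layer if an escaping bug slips through; the structure of the check, however, stays the same: reject what does not fit the grammar, and encode everything that is displayed.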