PT-2025-20849 · Siemens · Sirius 3Rk3 Modular Safety System+1
Published
2025-05-13
·
Updated
2025-05-13
·
CVE-2025-24008
CVSS v2.0
7.8
High
| Vector | AV:N/AC:L/Au:N/C:C/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
SIRIUS 3RK3 Modular Safety System (MSS) (All versions)
SIRIUS Safety Relays 3SK2 (All versions)
Description:
A vulnerability has been identified where the affected devices do not encrypt data in transit. An attacker with network access could eavesdrop on the connection and retrieve sensitive information, including obfuscated safety passwords.
Recommendations:
For SIRIUS 3RK3 Modular Safety System (MSS), consider implementing encryption for data in transit to prevent eavesdropping.
For SIRIUS Safety Relays 3SK2, consider implementing encryption for data in transit to prevent eavesdropping.
As a temporary workaround, restrict network access to the affected devices to minimize the risk of exploitation.
Fix
Missing Encryption of Sensitive Data
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Sirius 3Rk3 Modular Safety System
Sirius Safety Relays 3Sk2