PT-2025-32652 · Siemens · Sinumerik One V6.15+6
Published: 2025-08-12 · Updated: 2025-08-17 · CVE-2025-40743
CVSS v3.1: 8.3 (High)
Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
Name of the Vulnerable Software and Affected Versions:
SINUMERIK 828D PPU.4 versions prior to V4.95 SP5
SINUMERIK 828D PPU.5 versions prior to V5.25 SP1
SINUMERIK 840D sl versions prior to V4.95 SP5
SINUMERIK MC versions prior to V1.25 SP1
SINUMERIK MC V1.15 versions prior to V1.15 SP5
SINUMERIK ONE versions prior to V6.25 SP1
SINUMERIK ONE V6.15 versions prior to V6.15 SP5
Description:
The application improperly validates authentication for its VNC access service, allowing access with insufficient password verification. This could allow an attacker to gain unauthorized remote access and potentially compromise system confidentiality, integrity, or availability.
Recommendations:
Update SINUMERIK 828D PPU.4 to version V4.95 SP5 or later.
Update SINUMERIK 828D PPU.5 to version V5.25 SP1 or later.
Update SINUMERIK 840D sl to version V4.95 SP5 or later.
Update SINUMERIK MC to version V1.25 SP1 or later.
Update SINUMERIK MC V1.15 to version V1.15 SP5 or later.
Update SINUMERIK ONE to version V6.25 SP1 or later.
Update SINUMERIK ONE V6.15 to version V6.15 SP5 or later.
Fix
Weakness Enumeration
Authentication Bypass Using an Alternate Path or Channel
Affected Products
SINUMERIK 828D PPU.4
SINUMERIK 828D PPU.5
SINUMERIK 840D sl
SINUMERIK MC
SINUMERIK MC V1.15
SINUMERIK ONE
SINUMERIK ONE V6.15