PT-2025-32657 · Siemens · Simatic Step 7 V19+11

Published: 2025-08-12 · Updated: 2025-08-17 · CVE-2025-40759

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions:
SIMATIC S7-PLCSIM versions (affected versions not specified)
SIMATIC STEP 7 versions (affected versions not specified)
SIMATIC WinCC versions (affected versions not specified)
SIMOCODE ES versions (affected versions not specified)
SIMOTION SCOUT TIA versions (affected versions not specified)
SINAMICS Startdrive versions (affected versions not specified)
SIRIUS Safety ES V17 (TIA Portal) versions (affected versions not specified)
SIRIUS Soft Starter ES V17 (TIA Portal) versions (affected versions not specified)
TIA Portal Cloud versions (affected versions not specified)
SIMATIC STEP 7 V19 versions prior to V19 Update 4
SIMOTION SCOUT TIA V5.6 versions prior to V5.6 SP1 HF7
TIA Portal Cloud V19 versions prior to V5.2.1.1

Description: The affected products do not properly sanitize stored security properties when parsing project files. This could allow an attacker to cause a type confusion and execute arbitrary code within the affected application.

Recommendations: Update SIMATIC STEP 7 V19 to V19 Update 4 or later. Update SIMOTION SCOUT TIA V5.6 to V5.6 SP1 HF7 or later. Update TIA Portal Cloud V19 to V5.2.1.1 or later.

Fix

RCE

Deserialization of Untrusted Data

Weakness Enumeration

Related Identifiers

BDU:2026-00147
CVE-2025-40759

Affected Products

Simatic S7-Plcsim
Simatic Step 7
Simatic Step 7 V19
Simatic Wincc
Simocode Es
Simotion Scout Tia
Simotion Scout Tia V5.6
Sinamics Startdrive
Sirius Safety Es V17
Sirius Soft Starter Es V17
Tia Portal Cloud
Tia Portal Cloud V19