PT-2025-36679 · Siemens · Sinamics S210+2

Published: 2025-09-09 · Updated: 2025-09-09

CVE-2025-40594

CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
SINAMICS G220 versions prior to 6.4 HF2
SINAMICS S200 version 6.4
SINAMICS S210 versions prior to 6.4 HF2
Description: The affected devices allow a factory reset to be executed without the required privileges due to improper privilege management and manipulation of configuration data resulting from leaked privileges of previous sessions. This could allow an unauthorized attacker to escalate their privileges.
Recommendations: Update SINAMICS G220 to version 6.4 HF2 or later. Update SINAMICS S210 to version 6.4 HF2 or later.

Fix

LPE

Improper Privilege Management

Weakness Enumeration

Related Identifiers

BDU:2025-14337
CVE-2025-40594

Affected Products

Sinamics G220
Sinamics S200
Sinamics S210