PT-2025-41883 · Siemens · Siplus Et 200Sp Cp 1543Sp-1 Isec Tx Rail+4
Published
2025-10-14
·
Updated
2025-11-21
·
CVE-2025-40771
CVSS v2.0
10
Critical
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
SIMATIC CP 1542SP-1 versions prior to 2.4.24
SIMATIC CP 1542SP-1 IRC versions prior to 2.4.24
SIMATIC CP 1543SP-1 versions prior to 2.4.24
SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL versions prior to 2.4.24
SIPLUS ET 200SP CP 1543SP-1 ISEC versions prior to 2.4.24
SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL versions prior to 2.4.24
Description
The affected devices do not properly authenticate configuration connections. This allows a remote attacker to access the configuration data without authentication. The issue concerns a critical security flaw in Siemens industrial communication modules, including SIMATIC CP 1542SP-1, SIMATIC CP 1542SP-1 IRC, SIMATIC CP 1543SP-1, and related SIPLUS ET 200SP modules.
Recommendations
SIMATIC CP 1542SP-1: Update to version 2.4.24 or later.
SIMATIC CP 1542SP-1 IRC: Update to version 2.4.24 or later.
SIMATIC CP 1543SP-1: Update to version 2.4.24 or later.
SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL: Update to version 2.4.24 or later.
SIPLUS ET 200SP CP 1543SP-1 ISEC: Update to version 2.4.24 or later.
SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL: Update to version 2.4.24 or later.
Fix
Missing Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Simatic Cp 1542Sp-1 Irc
Simatic Cp 1543Sp-1
Siplus Et 200Sp Cp 1542Sp-1 Irc Tx Rail
Siplus Et 200Sp Cp 1543Sp-1 Isec
Siplus Et 200Sp Cp 1543Sp-1 Isec Tx Rail