PT-2025-49842 · Siemens · Simatic Cn 4100
Published: 2025-12-09 · Updated: 2025-12-09 · CVE-2025-40937
CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
SIMATIC CN 4100 versions prior to 4.0.1
Description
The application does not properly validate input parameters in its REST API, leading to improper handling of unexpected arguments. This could allow an authenticated attacker to execute arbitrary code with limited privileges. The vulnerable component is the REST API, specifically its handling of input parameters.
Recommendations
Update to version 4.0.1 or later.
Fix
Command Injection
Affected Products
Simatic Cn 4100