Siemens Family Security Update Advisory

Overview

 

We have released a security update that fixes vulnerabilities in the Siemens family of products. Users of affected products are advised to update to the latest version.
 

 

Affected Products

 

CVE-2025-40755

 

SINEC NMS Version: 4.0 SP1 and earlier

 

CVE-2025-40765

 

TeleControl Server Basic Version: 3.1.2.2 or later and less than 3.1.2.3

 

CVE-2025-40771

 

SIMATIC CP 1542SP-1 Version: 2.4.24 and earlier
SIMATIC CP 1542SP-1 IRC, SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL Version: less than 2.4.24
SIMATIC CP 1543SP-1, SIPLUS ET 200SP CP 1543SP-1 ISEC, SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL Version: less than 2.4.24

 

CVE-2025-40772

 

SiPass integrated Version: less than 3.0

 

CVE-2025-40809, CVE-2025-40810, CVE-2025-40811, CVE-2025-40812

 

Solid Edge SE2024 Version: 224.0 Update 14 or earlier
Solid Edge SE2025 Version: 225.0 Update 6 and earlier

 

 

Resolved Vulnerabilities

 

SQL Injection Vulnerability in SINEC NMS (CVE-2025-40755)
Information Disclosure Vulnerability in TeleControl Server Basic (CVE-2025-40765)
Authentication Vulnerability in SIMATIC ET 200SP Communication Processor (CVE-2025-40771)
Stored Cross-Site Scripting Vulnerability in SiPass integrated (CVE-2025-40772)
Out-of-Bounds Write Vulnerability in Solid Edge (CVE-2025-40809)
Out-of-Bounds Write Vulnerability in Solid Edge (CVE-2025-40810)
Out-of-Bounds Read Vulnerability in Solid Edge (CVE-2025-40811)
Out-of-Bounds Read Vulnerability in Solid Edge (CVE-2025-40812)

 

 

Vulnerability Patches

Patches for these vulnerabilities are available in the latest updates. Follow the instructions on the referenced sites to update to the patched versions listed below.

 

 

CVE-2025-40755

 

SINEC NMS Version: 4.0 SP1 or later

 

CVE-2025-40765

 

TeleControl Server Basic Version: 3.1.2.3 or later

 

CVE-2025-40771

 

SIMATIC CP 1542SP-1 Version: 2.4.24 or later
SIMATIC CP 1542SP-1 IRC, SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL Version: 2.4.24 or later
SIMATIC CP 1543SP-1, SIPLUS ET 200SP CP 1543SP-1 ISEC, SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL Version: 2.4.24 or later

 

CVE-2025-40772

 

SiPass integrated Version: 3.0 or later

 

CVE-2025-40809, CVE-2025-40810, CVE-2025-40811, CVE-2025-40812

 

Solid Edge SE2024 Version: 224.0 Update 14 or later
Solid Edge SE2025 Version: 225.0 Update 6 or later

 

 

References

 

[1] SSA-318832: SQL Injection Vulnerability in SINEC NMS
https://cert-portal.siemens.com/productcert/html/ssa-318832.html
[2] SSA-062309: Information Disclosure Vulnerability in TeleControl Server Basic V3.1
https://cert-portal.siemens.com/productcert/html/ssa-062309.html
[3] SSA-486936: Authentication Vulnerability in SIMATIC ET 200SP Communication Processors
https://cert-portal.siemens.com/productcert/html/ssa-486936.html
[4] SSA-599451: Multiple Vulnerabilities in SiPass integrated Before V3.0
https://cert-portal.siemens.com/productcert/html/ssa-599451.html
[5] SSA-541582: Multiple File Parsing Vulnerabilities in Solid Edge
https://cert-portal.siemens.com/productcert/html/ssa-541582.html