ICS: Multiple Siemens Products Vulnerabilities

Severity

High

Analysis Summary

CVE-2025-40742 CVSS:5.3

A vulnerability has been identified in various SIPROTEC 5 devices. The affected devices include session identifiers in URL requests for certain functionalities. This could allow an attacker to retrieve sensitive session data from browser history, logs, or other storage mechanisms, potentially leading to unauthorized access.

CVE-2025-40738 CVSS:8.8

A vulnerability has been identified in Siemens SINEC NMS. The affected application does not properly validate file paths when extracting uploaded ZIP files. This could allow an attacker to write arbitrary files to restricted locations and potentially execute code with elevated privileges.

CVE-2025-40737 CVSS:8.8

A vulnerability has been identified in SINEC NMS. The affected application does not properly validate file paths when extracting uploaded ZIP files. This could allow an attacker to write arbitrary files to restricted locations and potentially execute code with elevated privileges.

CVE-2025-40736 CVSS:9.8

A vulnerability has been identified in SINEC NMS. The affected application exposes an endpoint that allows an unauthorized modification of administrative credentials. This could allow an unauthenticated attacker to reset the superadmin password and gain full control of the application.

CVE-2025-40735 CVSS:8.8

A vulnerability has been identified in SINEC NMS. The affected devices are vulnerable to SQL injection. This could allow an unauthenticated remote attacker to execute arbitrary SQL queries on the server database.

CVE-2025-40593 CVSS:6.5

A vulnerability has been identified in SIMATIC CN 4100. The affected application allows to control the device by storing arbitrary files in the SFTP folder of the device. This could allow an attacker to cause a denial of service condition.

Impact