Analysis Summary

CVE-2025-40585 CVSS:9.9

Siemens Energy Services could allow a remote attacker to gain control of G5DFR component and tamper with outputs from the device, caused by the use of default credentials.

CVE-2025-40569 CVSS:4.8

Multiple Siemens Industrial Communication Devices based on SINEC OS could allow a remote authenticated attacker to load arbitrary configurations, caused by a race condition in the "Load Configuration from Local PC" function.

CVE-2025-40568 CVSS:4.3

Multiple Siemens Industrial Communication Devices based on SINEC OS are vulnerable to a denial of service, caused by an incorrect authorization validation flaw in they internal session termination function.

CVE-2025-40567 CVSS:6.5

Industrial Communication Devices based on SINEC OS could allow a remote authenticated attacker to roll back configuration changes made by privileged users, caused by an incorrect authorization validation.

Impact

• Denial of Service
• Security Bypass

Indicators of Compromise

CVE

• CVE-2025-40585

• CVE-2025-40569

• CVE-2025-40568

• CVE-2025-40567

Affected Vendors

Affected Products

• Siemens Energy Services
• Siemens RUGGEDCOM RST2428P
• Siemens SCALANCE XC316-8
• Siemens SCALANCE XC324-4
• Siemens SCALANCE XC324-4 EEC
• Siemens SCALANCE XC332
• Siemens SCALANCE XC416-8
• Siemens SCALANCE XC424-4
• Siemens SCALANCE XC432
• Siemens SCALANCE XCH328
• Siemens SCALANCE XCM324
• Siemens SCALANCE XCM328
• Siemens SCALANCE XCM332
• Siemens SCALANCE XR302-32
• Siemens SCALANCE XR322-12
• Siemens SCALANCE XR326-8
• Siemens SCALANCE XR326-8 EEC
• Siemens SCALANCE XR502-32
• Siemens SCALANCE XR522-12
• Siemens SCALANCE XR526-8
• Siemens SCALANCE XRH334

Remediation

Refer to Siemens Security Advisory for patch, upgrade or suggested workaround information.

CVE-2025-40585

CVE-2025-40569

CVE-2025-40568

CVE-2025-40567