CVE-2025-40594 MEDIUM

Vendor Siemens
Product SINAMICS G220 V6.4
Weakness CWE-269
Published September 9, 2025
Last update March 10, 2026

CVSS base score

6.3/10
Attack vector Local
Attack complexity High
Privileges required None
User interaction Required
Confidentiality None
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:L

What the vulnerability does

01 Description

A vulnerability has been identified in SINAMICS G220 V6.4 (All versions < V6.4 HF2), SINAMICS S200 V6.4 (All versions < V6.4 HF7), SINAMICS S210 V6.4 (All versions < V6.4 HF2). The affected devices allow a factory reset to be executed without the required privileges due to improper privilege management as well as manipulation of configuration data because of leaked privileges of previous sessions. This could allow an unauthorized attacker to escalate their privileges.

Key dates

02 Disclosure timeline

September 9, 2025 CVE published
March 10, 2026 Record updated