Siemens SIMATIC Vulnerability Exposes Configuration Data to Attack

Threat: Vulnerability

Targeted Region: Global

Targeted Sector: Technology & IT

Criticality: Critical

EXECUTIVE SUMMARY:

An authentication vulnerability CVE-2025-40771 in Siemens SIMATIC ET 200SP communication processors allows unauthenticated remote attackers to access and potentially modify device configuration data, posing a severe risk to operational integrity and enabling lateral attacks across control networks; the issue affects all firmware versions prior to, has fixed firmware available, and should be mitigated immediately by applying the firmware update, restricting access to affected systems to trusted IP addresses only, isolating devices within protected networks, and enforcing strong access control, monitoring, and other industrial security best practices. The vulnerability has a CVSS score of 9.8.

RECOMMENDATION:

We strongly recommend you update SIMATIC ET 200SP Communication Processors to version 2.4.24 or later.

REFERENCES:

The following reports contain further technical details:

https://securityonline.info/critical-siemens-flaw-cve-2025-40771-cvss-9-8-allows-unauthenticated-remote-access-to-simatic-cp-config/

Recent Advisories

PolarEdge Backdoor Exploits IoT Devices Using Encrypted TLS Channels

October 15, 2025

TA585 APT Delivers MonsterV2 Malware via ClickFix and Web Injections

October 15, 2025

High-Severity Use-After-Free Vulnerability in Chrome Safe Browsing

October 15, 2025

WhatsApp web-based worm targets banking customers in Brazil

October 14, 2025

Siemens SIMATIC Vulnerability Exposes Configuration Data to Attack

Recent Advisories

Report an Incident