CVE-2025-40943 in SIMATIC Drive Controller CPU 1504D TF정보

요약

\~에 의해 MITRE • 2026. 03. 10.

Affected devices do not properly sanitize contents of trace files.

This could allow an attacker to inject code through social engineering an authorized user, who has the function right "Read diagnostics", to import a specially crafted trace file.

The malicious trace file is insufficiently sanitized and malicious code could be executed in the clients browser session and trigger PLC operations via the webserver that the legitimate user is authorized to perform.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

책임이 있는

Siemens

예약하다

2025. 04. 16.

공개

2026. 03. 10.

모더레이션

수락

항목

VDB-349970

CPE

준비됨

CWE

CWE-79 (확인됨)

CVSS

9.6 (CNA)

EPSS

0.00056

KEV

아니요

활동

매우 낮음

부문

Telecommunication, Chemical, ...

출처

MITRE	https://www.cve.org/CVERecord?id=CVE-2025-40943
NVD	https://nvd.nist.gov/vuln/detail/CVE-2025-40943
CVE Details	https://www.cvedetails.com/cve/CVE-2025-40943/

◂ 이전 개요 다음 ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!