Siemens Industrial Edge Cloud Device API Endpoint Privilege Escalation
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 9.7 | $5k-$25k | 0.00 |
Summary
A vulnerability was found in Siemens Industrial Edge Cloud Device, Industrial Edge Device Kit, Industrial Edge Own Device, Industrial Edge Virtual Device, SCALANCE LPE9413, SCALANCE LPE9433, SIMATIC Automation Workstation 19", SIMATIC Automation Workstation 24", SIMATIC HMI MTP1000 Unified Comfort Panel, SIMATIC HMI MTP1000 Unified Comfort Panel hygienic, SIMATIC HMI MTP1000 Unified Comfort Panel hygienic neutral design, SIMATIC HMI MTP1000, Unified Comfort Panel neutral, SIMATIC HMI MTP1200 Comfort Pro for stand, SIMATIC HMI MTP1200 Comfort Pro for support arm and extension unit, SIMATIC HMI MTP1200 Comfort Pro for support arm, SIMATIC HMI MTP1200 Comfort Pro neutral design for stand, SIMATIC HMI MTP1200 Comfort Pro neutral design for support arm and extensio, SIMATIC HMI MTP1200 Comfort Pro neutral design for support arm, SIMATIC HMI MTP1200 Unified Comfort Panel, SIMATIC HMI MTP1200 Unified Comfort Panel hygienic, SIMATIC HMI MTP1200 Unified Comfort Panel hygienic neutral design, SIMATIC HMI MTP1200 Unified Comfort Panel neutral design, SIMATIC HMI MTP1500 Comfort Pro for stand, SIMATIC HMI MTP1500 Comfort Pro for support arm and extension unit, SIMATIC HMI MTP1500 Comfort Pro for support arm, SIMATIC HMI MTP1500 Comfort Pro neutral design for stand, SIMATIC HMI MTP1500 Comfort Pro neutral design for support arm and extensio, SIMATIC HMI MTP1500 Comfort Pro neutral design for support arm, SIMATIC HMI MTP1500 Unified Comfort Panel, SIMATIC HMI MTP1500 Unified Comfort Panel hygienic, SIMATIC HMI MTP1500 Unified Comfort Panel hygienic neutral design, SIMATIC HMI MTP1500 Unified Comfort Panel neutral design, SIMATIC HMI MTP1900 Comfort Pro for stand, SIMATIC HMI MTP1900 Comfort Pro for support arm and extension unit, SIMATIC HMI MTP1900 Comfort Pro for support arm, SIMATIC HMI MTP1900 Comfort Pro neutral design for stand, SIMATIC HMI MTP1900 Comfort Pro neutral design for support arm and extensio, SIMATIC HMI MTP1900 Comfort Pro neutral design for support arm, SIMATIC HMI MTP1900 Unified Comfort Panel, SIMATIC HMI MTP1900 Unified Comfort Panel hygienic, SIMATIC HMI MTP1900 Unified Comfort Panel hygienic neutral design, SIMATIC HMI MTP1900 Unified Comfort Panel neutral design, SIMATIC HMI MTP2200 Comfort Pro for stand, SIMATIC HMI MTP2200 Comfort Pro for support arm and extension unit, SIMATIC HMI MTP2200 Comfort Pro for support arm, SIMATIC HMI MTP2200 Comfort Pro neutral design for stand, SIMATIC HMI MTP2200 Comfort Pro neutral design for support arm and extensio, SIMATIC HMI MTP2200 Comfort Pro neutral design for support arm and SIMATIC HMI M. It has been classified as critical. An unknown function of the component API Endpoint is affected. Exploitation can lead to privilege escalation. This vulnerability is registered as CVE-2025-40805. The attack can be initiated from the network. No exploit is available. It is advisable to upgrade the affected component.
Details
A vulnerability was found in Siemens Industrial Edge Cloud Device, Industrial Edge Device Kit, Industrial Edge Own Device, Industrial Edge Virtual Device, SCALANCE LPE9413, SCALANCE LPE9433, SIMATIC Automation Workstation 19", SIMATIC Automation Workstation 24", SIMATIC HMI MTP1000 Unified Comfort Panel, SIMATIC HMI MTP1000 Unified Comfort Panel hygienic, SIMATIC HMI MTP1000 Unified Comfort Panel hygienic neutral design, SIMATIC HMI MTP1000, Unified Comfort Panel neutral, SIMATIC HMI MTP1200 Comfort Pro for stand, SIMATIC HMI MTP1200 Comfort Pro for support arm and extension unit, SIMATIC HMI MTP1200 Comfort Pro for support arm, SIMATIC HMI MTP1200 Comfort Pro neutral design for stand, SIMATIC HMI MTP1200 Comfort Pro neutral design for support arm and extensio, SIMATIC HMI MTP1200 Comfort Pro neutral design for support arm, SIMATIC HMI MTP1200 Unified Comfort Panel, SIMATIC HMI MTP1200 Unified Comfort Panel hygienic, SIMATIC HMI MTP1200 Unified Comfort Panel hygienic neutral design, SIMATIC HMI MTP1200 Unified Comfort Panel neutral design, SIMATIC HMI MTP1500 Comfort Pro for stand, SIMATIC HMI MTP1500 Comfort Pro for support arm and extension unit, SIMATIC HMI MTP1500 Comfort Pro for support arm, SIMATIC HMI MTP1500 Comfort Pro neutral design for stand, SIMATIC HMI MTP1500 Comfort Pro neutral design for support arm and extensio, SIMATIC HMI MTP1500 Comfort Pro neutral design for support arm, SIMATIC HMI MTP1500 Unified Comfort Panel, SIMATIC HMI MTP1500 Unified Comfort Panel hygienic, SIMATIC HMI MTP1500 Unified Comfort Panel hygienic neutral design, SIMATIC HMI MTP1500 Unified Comfort Panel neutral design, SIMATIC HMI MTP1900 Comfort Pro for stand, SIMATIC HMI MTP1900 Comfort Pro for support arm and extension unit, SIMATIC HMI MTP1900 Comfort Pro for support arm, SIMATIC HMI MTP1900 Comfort Pro neutral design for stand, SIMATIC HMI MTP1900 Comfort Pro neutral design for support arm and extensio, SIMATIC HMI MTP1900 Comfort Pro neutral design for support arm, SIMATIC HMI MTP1900 Unified Comfort Panel, SIMATIC HMI MTP1900 Unified Comfort Panel hygienic, SIMATIC HMI MTP1900 Unified Comfort Panel hygienic neutral design, SIMATIC HMI MTP1900 Unified Comfort Panel neutral design, SIMATIC HMI MTP2200 Comfort Pro for stand, SIMATIC HMI MTP2200 Comfort Pro for support arm and extension unit, SIMATIC HMI MTP2200 Comfort Pro for support arm, SIMATIC HMI MTP2200 Comfort Pro neutral design for stand, SIMATIC HMI MTP2200 Comfort Pro neutral design for support arm and extensio, SIMATIC HMI MTP2200 Comfort Pro neutral design for support arm and SIMATIC HMI M. It has been classified as critical. An unknown function of the component API Endpoint is affected. Exploitation can lead to privilege escalation. Using CWE to classify the issue leads to CWE-639. The weakness was published as ssa-001536. The advisory is available for download at cert-portal.siemens.com.
This vulnerability is registered as CVE-2025-40805. The CVE was assigned on 16/04/2025. The attack can be initiated from the network. Technical details are not available. This vulnerability has below-average popularity. No exploit is available. The current price of an exploit may be approximately USD $5k-$25k.
It has been declared as not defined.
It is advisable to upgrade the affected component.
Affected
- Siemens Industrial Edge Devices
Product
Type
Vendor
Name
- Industrial Edge Cloud Device
- Industrial Edge Device Kit
- Industrial Edge Own Device
- Industrial Edge Virtual Device
- SCALANCE LPE9413
- SCALANCE LPE9433
- SIMATIC Automation Workstation 19"
- SIMATIC Automation Workstation 24"
- SIMATIC HMI M
- SIMATIC HMI MTP1000
- SIMATIC HMI MTP1000 Unified Comfort Panel
- SIMATIC HMI MTP1000 Unified Comfort Panel hygienic
- SIMATIC HMI MTP1000 Unified Comfort Panel hygienic neutral design
- SIMATIC HMI MTP1200 Comfort Pro for stand
- SIMATIC HMI MTP1200 Comfort Pro for support arm
- SIMATIC HMI MTP1200 Comfort Pro for support arm and extension unit
- SIMATIC HMI MTP1200 Comfort Pro neutral design for stand
- SIMATIC HMI MTP1200 Comfort Pro neutral design for support arm
- SIMATIC HMI MTP1200 Comfort Pro neutral design for support arm and extensio
- SIMATIC HMI MTP1200 Unified Comfort Panel
- SIMATIC HMI MTP1200 Unified Comfort Panel hygienic
- SIMATIC HMI MTP1200 Unified Comfort Panel hygienic neutral design
- SIMATIC HMI MTP1200 Unified Comfort Panel neutral design
- SIMATIC HMI MTP1500 Comfort Pro for stand
- SIMATIC HMI MTP1500 Comfort Pro for support arm
- SIMATIC HMI MTP1500 Comfort Pro for support arm and extension unit
- SIMATIC HMI MTP1500 Comfort Pro neutral design for stand
- SIMATIC HMI MTP1500 Comfort Pro neutral design for support arm
- SIMATIC HMI MTP1500 Comfort Pro neutral design for support arm and extensio
- SIMATIC HMI MTP1500 Unified Comfort Panel
- SIMATIC HMI MTP1500 Unified Comfort Panel hygienic
- SIMATIC HMI MTP1500 Unified Comfort Panel hygienic neutral design
- SIMATIC HMI MTP1500 Unified Comfort Panel neutral design
- SIMATIC HMI MTP1900 Comfort Pro for stand
- SIMATIC HMI MTP1900 Comfort Pro for support arm
- SIMATIC HMI MTP1900 Comfort Pro for support arm and extension unit
- SIMATIC HMI MTP1900 Comfort Pro neutral design for stand
- SIMATIC HMI MTP1900 Comfort Pro neutral design for support arm
- SIMATIC HMI MTP1900 Comfort Pro neutral design for support arm and extensio
- SIMATIC HMI MTP1900 Unified Comfort Panel
- SIMATIC HMI MTP1900 Unified Comfort Panel hygienic
- SIMATIC HMI MTP1900 Unified Comfort Panel hygienic neutral design
- SIMATIC HMI MTP1900 Unified Comfort Panel neutral design
- SIMATIC HMI MTP2200 Comfort Pro for stand
- SIMATIC HMI MTP2200 Comfort Pro for support arm
- SIMATIC HMI MTP2200 Comfort Pro for support arm and extension unit
- SIMATIC HMI MTP2200 Comfort Pro neutral design for stand
- SIMATIC HMI MTP2200 Comfort Pro neutral design for support arm
- SIMATIC HMI MTP2200 Comfort Pro neutral design for support arm and extensio
- Unified Comfort Panel neutral
License
Website
- Vendor: https://www.siemens.com/
CVSSv3
VulDB Meta Base Score: 9.9
VulDB Meta Temp Score: 9.7
VulDB Base Score: 9.8
VulDB Temp Score: 9.4
CNA Base Score: 10.0
Exploitation
Class: Privilege escalation
CWE: CWE-639 / CWE-285 / CWE-266
Physical: No
Local: No
Remote: Yes
Status: Not defined
Countermeasures
Recommendation: Upgrade
Timeline
16/04/2025 CVE assigned
13/01/2026 Advisory published
13/01/2026 VulDB entry created
14/01/2026 VulDB entry last updated
Sources
Vendor: siemens.com
Advisory: ssa-001536
Status: Confirmed
CVE: CVE-2025-40805
GCVE (CVE): GCVE-0-2025-40805
GCVE (VulDB): GCVE-100-340562
CERT Bund: WID-SEC-2026-0073 - Siemens Industrial Edge Devices: Schwachstelle ermöglicht das Erlangen von Nutzerrechten
Entry
Created: 13/01/2026 12:19
Updated: 14/01/2026 00:43
Changes: 13/01/2026 12:19 (76), 14/01/2026 00:43 (7)