Cyber Posture

CVE-2025-40937

High

Published: 09 December 2025

Modified: 10 December 2025

CVSS Score: 8.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L)
EPSS Score: 0.0014 (34.1st percentile)
Risk Priority: 17 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Description

A vulnerability has been identified in SIMATIC CN 4100 (all versions < V4.0.1). The affected application does not properly validate input parameters in its REST API, resulting in improper handling of unexpected arguments. This could allow an authenticated attacker to execute arbitrary code with limited privileges.

Mitigating Controls (NIST 800-53 r5)

- Prevent: Directly addresses the root cause by requiring validation of REST API input parameters, so that unexpected arguments cannot be mishandled and lead to command injection.
- Prevent: Mandates timely flaw remediation, such as patching SIMATIC CN 4100 to V4.0.1 or later, to eliminate the improper input validation vulnerability.
- Prevent: Enforces least privilege to restrict the scope and impact of any arbitrary code execution to the low-privilege operations the service actually needs.

Security Summary

CVE-2025-40937 affects SIMATIC CN 4100 in all versions prior to V4.0.1. The vulnerability arises from improper validation of input parameters in the application's REST API, which results in mishandling of unexpected arguments. Classified under CWE-77, it carries a CVSS v3.1 base score of 8.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L).

An authenticated attacker with low privileges can exploit this issue remotely over the network with low attack complexity and without user interaction. Successful exploitation yields arbitrary code execution under limited privileges, with high impact to confidentiality and integrity and low impact to availability.

The Siemens security advisory at https://cert-portal.siemens.com/productcert/html/ssa-416652.html provides details on mitigation, including updating to version V4.0.1 or later to address the vulnerability in affected versions.

Details

CWE(s): CWE-77

Affected Products:
- Vendor: siemens
- Product: simatic cn 4100 firmware
- Versions: ≤ 4.0.1

MITRE ATT&CK Enterprise Techniques

T1210 Exploitation of Remote Services (Lateral Movement)
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.

Why these techniques?

The vulnerability enables remote arbitrary code execution via command injection (CWE-77) in a network-accessible REST API by a low-privilege authenticated attacker, which maps directly to Exploitation of Remote Services.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0
