Vulnerability Details CVE-2025-40937
A vulnerability has been identified in SIMATIC CN 4100 (All versions < V4.0.1). The affected application do not properly validate input parameters in its REST API, resulting in improper handling of unexpected arguments.
This could allow an authenticated attacker to execute arbitrary code with limited privileges.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 21.4%
CVSS Severity
CVSS v3 Score 8.3
Products affected by CVE-2025-40937
-
cpe:2.3:h:siemens:simatic_cn_4100:-
-
cpe:2.3:o:siemens:simatic_cn_4100_firmware:*