CVE-2025-40593

6.5 MEDIUM

📋 TL;DR

This vulnerability in the Siemens SIMATIC CN 4100 allows an attacker with SFTP access to the device to store arbitrary files in its SFTP folder, potentially causing a denial of service of the device. All versions before V4.0 are affected. The CN 4100 is an industrial communication device, so an outage also affects the control-system traffic it carries.

💻 Affected Systems

Products:
  • Siemens SIMATIC CN 4100
Versions: All versions < V4.0
Operating Systems: Embedded industrial OS
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the SFTP service functionality of the communication module.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete device unavailability disrupting industrial processes, potentially causing production downtime or safety issues in critical infrastructure.

🟠 Likely Case: Temporary service disruption requiring manual intervention to restore normal operation.

🟢 If Mitigated: Minimal impact with proper network segmentation and access controls limiting exposure.

🌐 Internet-Facing: HIGH - If the SFTP service is exposed to the internet, attackers can target the vulnerability directly.
🏢 Internal Only: MEDIUM - Requires internal network access but could be exploited by malicious insiders or compromised internal systems.

🎯 Exploit Status

Public PoC: No
Weaponized: UNKNOWN
Unauthenticated Exploit: No
Complexity: LOW

Requires an authenticated SFTP session on the device. The advisory describes no authentication bypass, so exploitation needs valid SFTP credentials (or a stolen or default set).

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: V4.0

Vendor Advisory: https://cert-portal.siemens.com/productcert/html/ssa-626991.html

Restart Required: Yes

Instructions:

1. Download the V4.0 firmware from the Siemens support portal.
2. Back up the current configuration.
3. Apply the firmware update following the Siemens documentation.
4. Verify that the update succeeded and restore the configuration if needed.

🔧 Temporary Workarounds

Restrict SFTP Access (all affected versions)

Limit SFTP access to trusted IP addresses only using network controls.

Disable Unused SFTP Service (all affected versions)

If SFTP functionality is not required, disable the service entirely.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate CN 4100 devices from untrusted networks.
  • Monitor SFTP access logs for unauthorized file upload attempts and implement alerting.

🔍 How to Verify

Check if Vulnerable:

Check the device firmware version via Siemens TIA Portal or the device web interface. If the version is below V4.0, the device is vulnerable.

Check Version:

Check via Siemens engineering software or device web interface - no universal CLI command available.

Verify Fix Applied:

Confirm firmware version shows V4.0 or higher after update.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SFTP file uploads
  • Multiple failed SFTP authentication attempts
  • Unexpected file creation in SFTP directories

Network Indicators:

  • SFTP connections from unexpected source IPs
  • Unusual SFTP traffic patterns

SIEM Query (pseudo-syntax; map the source, event and user fields to whatever your log source actually emits):

source="cn4100" AND (event="sftp_upload" OR event="file_create") AND NOT user IN ["authorized_users"]
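The log and network indicators above, and the "monitor SFTP access logs for unauthorized file upload attempts" workaround, turned into runnable detection logic. This is an added example, not code from this page or from Siemens. It assumes the device forwards OpenSSH-style sshd/sftp-server syslog lines (the sample lines, host name, user names, addresses, sizes and thresholds below are all constructed for the example, not real CN 4100 output); if your device logs in a different shape, only the regular expressions need to change.

```python
import re
from collections import Counter

# Constructed sample syslog lines in the OpenSSH sshd/sftp-server format.
# Assumption: the CN 4100 forwards its SSH/SFTP service log in this shape;
# the host, users, addresses and byte counts are made up for the example.
SAMPLE_LOG = """\
Mar  3 10:01:02 cn4100 sshd[2001]: Accepted password for operator from 10.10.1.20 port 51234 ssh2
Mar  3 10:01:02 cn4100 sftp-server[2001]: session opened for local user operator from [10.10.1.20]
Mar  3 10:01:05 cn4100 sftp-server[2001]: open "/sftp/config/plc.cfg" flags WRITE,CREAT,TRUNC mode 0644
Mar  3 10:01:06 cn4100 sftp-server[2001]: close "/sftp/config/plc.cfg" bytes read 0 written 4096
Mar  3 10:07:41 cn4100 sshd[2044]: Accepted password for guest from 192.0.2.77 port 40111 ssh2
Mar  3 10:07:41 cn4100 sftp-server[2044]: session opened for local user guest from [192.0.2.77]
Mar  3 10:07:44 cn4100 sftp-server[2044]: open "/sftp/upload/fill01.bin" flags WRITE,CREAT,TRUNC mode 0644
Mar  3 10:07:50 cn4100 sftp-server[2044]: close "/sftp/upload/fill01.bin" bytes read 0 written 268435456
Mar  3 10:07:51 cn4100 sftp-server[2044]: open "/sftp/upload/fill02.bin" flags WRITE,CREAT,TRUNC mode 0644
Mar  3 10:07:58 cn4100 sftp-server[2044]: close "/sftp/upload/fill02.bin" bytes read 0 written 268435456
Mar  3 10:12:00 cn4100 sshd[2090]: Failed password for invalid user admin from 192.0.2.78 port 40200 ssh2
Mar  3 10:12:01 cn4100 sshd[2091]: Failed password for invalid user admin from 192.0.2.78 port 40201 ssh2
Mar  3 10:12:02 cn4100 sshd[2092]: Failed password for root from 192.0.2.78 port 40202 ssh2
"""

# Patterns for the OpenSSH log lines the detector cares about.
SESSION_RE = re.compile(r'sftp-server\[(\d+)\]: session opened for local user (\S+) from \[([^\]]+)\]')
OPEN_RE = re.compile(r'sftp-server\[(\d+)\]: open "([^"]+)" flags (\S+)')
CLOSE_RE = re.compile(r'sftp-server\[(\d+)\]: close "([^"]+)" bytes read \d+ written (\d+)')
FAILED_RE = re.compile(r'sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+)')


def detect(log_text, authorized_users, trusted_ips,
           max_bytes_per_session=100 * 1024 * 1024, max_failed_auth=3):
    """Return alert dicts for: sessions from untrusted IPs, file writes by
    users outside the allowlist, write volume per session above a threshold
    (the arbitrary-file-storage DoS pattern), and password brute force."""
    sessions = {}            # sftp-server pid -> (user, source ip)
    written = Counter()      # sftp-server pid -> bytes written so far
    volume_alerted = set()   # pids that already raised a volume alert
    failed = Counter()       # source ip -> failed password count
    alerts = []

    for line in log_text.splitlines():
        m = SESSION_RE.search(line)
        if m:
            pid, user, ip = m.groups()
            sessions[pid] = (user, ip)
            if ip not in trusted_ips:
                alerts.append({"kind": "untrusted_source", "user": user, "ip": ip})
            continue

        m = OPEN_RE.search(line)
        if m:
            pid, path, flags = m.groups()
            user, ip = sessions.get(pid, ("unknown", "unknown"))
            # Any open carrying the WRITE flag creates or overwrites a file in the SFTP folder.
            if "WRITE" in flags.split(",") and user not in authorized_users:
                alerts.append({"kind": "unauthorized_upload", "user": user, "ip": ip, "path": path})
            continue

        m = CLOSE_RE.search(line)
        if m:
            pid, path, nbytes = m.groups()
            written[pid] += int(nbytes)
            if written[pid] > max_bytes_per_session and pid not in volume_alerted:
                volume_alerted.add(pid)
                user, ip = sessions.get(pid, ("unknown", "unknown"))
                alerts.append({"kind": "excessive_write_volume", "user": user, "ip": ip,
                               "bytes": written[pid]})
            continue

        m = FAILED_RE.search(line)
        if m:
            user, ip = m.groups()
            failed[ip] += 1
            if failed[ip] == max_failed_auth:   # fire once, when the threshold is reached
                alerts.append({"kind": "auth_bruteforce", "ip": ip, "count": failed[ip]})

    return alerts


def summarize(alerts):
    """Count alerts by kind, e.g. for a dashboard tile or a daily report."""
    return Counter(a["kind"] for a in alerts)


if __name__ == "__main__":
    found = detect(SAMPLE_LOG, authorized_users={"operator"}, trusted_ips={"10.10.1.20"})
    for alert in found:
        print(alert)
    print(dict(summarize(found)))
```

Run against the sample above with `operator` as the only authorized user and `10.10.1.20` as the only trusted address, the detector raises one untrusted-source alert and two unauthorized-upload alerts for the `guest` session, one write-volume alert once that session passes 100 MiB, and one brute-force alert on the third failed password from `192.0.2.78`. The volume threshold matters more than the per-file alert for this CVE, because the DoS comes from what accumulates in the SFTP folder, not from any single file.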
