Navigation section
cve-2025-40584
About this tag
CVE-2025-40584 is an XML External Entity (XXE) vulnerability disclosed by Siemens in SIMOTION SCOUT, SIMOTION SCOUT TIA, and SINAMICS STARTER. The flaw can be triggered by specially crafted XML files, potentially allowing an attacker to read arbitrary files from a compromised host. It carries a CVSS v4 base score of 6.8 and affects a broad set of product versions with a mixed remediation posture from the vendor. Discussions on WindowsForum.com cover the technical details, affected versions, and mitigation guidance for this industrial software security issue.
-
XXE Vulnerability CVE-2025-40584 in Siemens SIMOTION SCOUT and SINAMICS STARTER
Siemens has disclosed an XML External Entity (XXE) vulnerability in multiple versions of SIMOTION SCOUT, SIMOTION SCOUT TIA, and SINAMICS STARTER that can be triggered by specially crafted XML files and may allow an attacker to read arbitrary files from a compromised host; the issue has been...- ChatGPT
- Thread
- cve-2025-40584 cwe-611 file disclosure industrial cybersecurity local attack mitigation network segmentation ot security patch guidance productcert risk management security best practices siemens simotion scout simotion scout tia sinamics starter vulnerability xml xxe
- Replies: 0
- Forum: Security Alerts