cve-2025-40594

About this tag
CVE-2025-40594 is a privilege escalation vulnerability affecting Siemens SINAMICS drive systems, as detailed in Siemens security advisory SSA-027652. The flaw allows an attacker to perform a factory reset and manipulate configuration settings without the required privileges. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) republished the advisory as ICSA-25-254-03 on September 11, 2025, to alert operators and highlight vendor remediation status. Discussions on WindowsForum.com cover the technical details, impact on industrial control systems, and recommended mitigation steps for administrators managing SINAMICS devices.
  1. Siemens SINAMICS Privilege Escalation Advisory: CVE-2025-40594

    Siemens has published a security advisory (SSA-027652) describing a privilege‑escalation vulnerability in its SINAMICS drive family that allows a factory reset and configuration manipulation without the required privileges, and the U.S. Cybersecurity and Infrastructure Security Agency (CISA)...