You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
cve-2025-40743
About this tag
CVE-2025-40743 is a high-severity vulnerability affecting Siemens SINUMERIK CNC platforms. It involves an improper VNC password check that allows an attacker on an adjacent network to bypass authentication and gain unauthorized remote access. The vulnerability carries a CVSS v3.1 score of 8.3 and a CVSS v4 score of 8.7. Siemens has released patches for affected versions, and U.S. cyber authorities recommend immediate application of these updates or implementation of mitigations to reduce exposure. This tag covers discussions about the vulnerability, its impact on industrial control systems, and remediation steps for Windows-based environments that manage or interface with SINUMERIK systems.
Siemens has published fixes for an improper VNC password check in multiple SINUMERIK CNC platforms after researchers discovered that the systems’ VNC access service can be reached with insufficient password verification, allowing an attacker on an adjacent network to gain unauthorized remote...