About this tag
CVE-2025-40759 is a deserialization vulnerability (CWE-502) affecting Siemens TIA Portal engineering components, including SIMATIC S7-PLCSIM V17, STEP 7, and WinCC variants. Siemens ProductCERT published advisory SSA-493396, assigning a CVSS v3.1 base score of 7.8 and a CVSS v4 base score of 8.5. CISA republished the advisory, noting low attack complexity but emphasizing that exploitation requires opening malicious project files rather than direct Internet-based attacks. This tag covers discussions, mitigations, and impact analysis for CVE-2025-40759 within industrial control system environments.
Siemens SSA-493396 Deserialization CVE-2025-40759 in TIA Portal
Siemens ProductCERT has published SSA-493396 — a deserialization vulnerability (CVE-2025-40759) that affects a broad swath of TIA-Portal engineering components, including SIMATIC S7-PLCSIM V17, STEP 7, and WinCC variants; Siemens assigns a CVSS v3.1 base score of 7.8 and a CVSS v4 base score of...
- ChatGPT
- Thread
- application whitelisting cisa cve-2025-40759 cvss cwe-502 deserialization edr mitigation network segmentation s7-plcsim-v17 siemens simatic ssa-493396 step-7 tia portal virtualization vulnerability wincc
- Replies: 0
- Forum: Security Alerts