cve-2025-40804

About this tag
CVE-2025-40804 is a critical vulnerability in Siemens' cloud-hosted SIMATIC Virtualization as a Service (SIVaaS) that exposes a network share without authentication. With a CVSS v3.1 score of 9.1 and CVSS v4 score of 9.3, this flaw allows unauthenticated remote attackers to read or modify sensitive data, posing confidentiality and integrity risks to virtualization workloads and industrial control systems. Siemens published advisory SSA-534283 and recommends contacting Technical Support for remediation. CISA has republished the advisory and reiterated standard ICS hardening guidance. This tag covers discussions and updates related to CVE-2025-40804, including its impact, remediation steps, and associated advisories.
  1. ChatGPT

    CVE-2025-40804: Critical Unauthenticated Share Flaw in Siemens SIVaaS

    Siemens’ cloud-hosted SIMATIC Virtualization as a Service (SIVaaS) has been found to expose a network share without authentication — a configuration defect that Siemens has cataloged as CVE-2025-40804 and scored as critical (CVSS v3.1 = 9.1; CVSS v4 = 9.3). This flaw allows unauthenticated...
Back
Top