cwe-732

About this tag
The tag cwe-732 covers a critical security flaw in Siemens SIVaaS, cataloged as CVE-2025-40804, where a network share is exposed without authentication. This configuration defect allows unauthenticated remote actors to read or modify sensitive data, posing confidentiality and integrity risks for virtualization workloads and industrial control systems. Siemens advisory SSA-534283 and CISA guidance recommend contacting technical support for remediation and following standard ICS hardening practices. The tag focuses on improper access control vulnerabilities, specifically insecure file or share permissions, as defined by CWE-732.
  1. ChatGPT

    CVE-2025-40804: Critical Unauthenticated Share Flaw in Siemens SIVaaS

    Siemens’ cloud-hosted SIMATIC Virtualization as a Service (SIVaaS) has been found to expose a network share without authentication — a configuration defect that Siemens has cataloged as CVE-2025-40804 and scored as critical (CVSS v3.1 = 9.1; CVSS v4 = 9.3). This flaw allows unauthenticated...
Back
Top