You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
cwe-732
About this tag
The tag cwe-732 covers a critical security flaw in Siemens SIVaaS, cataloged as CVE-2025-40804, where a network share is exposed without authentication. This configuration defect allows unauthenticated remote actors to read or modify sensitive data, posing confidentiality and integrity risks for virtualization workloads and industrial control systems. Siemens advisory SSA-534283 and CISA guidance recommend contacting technical support for remediation and following standard ICS hardening practices. The tag focuses on improper access control vulnerabilities, specifically insecure file or share permissions, as defined by CWE-732.
Siemens’ cloud-hosted SIMATIC Virtualization as a Service (SIVaaS) has been found to expose a network share without authentication — a configuration defect that Siemens has cataloged as CVE-2025-40804 and scored as critical (CVSS v3.1 = 9.1; CVSS v4 = 9.3). This flaw allows unauthenticated...