CVE-2025-40937 - CERT CVE

  1. CVE-2025-40937

ID CVE-2025-40937
Sažetak A vulnerability has been identified in SIMATIC CN 4100 (All versions < V4.0.1). The affected application do not properly validate input parameters in its REST API, resulting in improper handling of unexpected arguments. This could allow an authenticated attacker to execute arbitrary code with limited privileges.
Reference
CVSS
Base: 8.3
Impact: 5.5
Exploitability:2.8
Pristup
VektorSloženostAutentikacija
NETWORK LOW LOW
Impact
PovjerljivostCjelovitostDostupnost
HIGH HIGH LOW
CVSS vektor CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
Zadnje važnije ažuriranje 10-12-2025 - 21:37
Objavljeno 09-12-2025 - 16:17