What Siemens products are affected by CVE-2025-40771?

The vulnerability impacts six product lines within the Siemens SIMATIC ET 200SP family: SIMATIC CP 1542SP-1, SIMATIC CP 1542SP-1 IRC, SIMATIC CP 1543SP-1, SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL, SIPLUS ET 200SP CP 1543SP-1 ISEC, and SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL. All versions prior to V2.4.24 of these products are vulnerable.

What is the CVSS severity score for CVE-2025-40771?

CVE-2025-40771 has a CVSS score of 9.3, which indicates critical severity. This high score reflects the vulnerability's ability to allow unauthenticated remote attackers to completely bypass authentication and access sensitive configuration data without any user interaction or prior credentials required.

What can attackers do by exploiting CVE-2025-40771?

Attackers exploiting CVE-2025-40771 can bypass security controls entirely and gain unauthorized access to configuration data that manages the communication processors. This access to sensitive configuration information could enable further attacks, allow modification of industrial control systems, or provide intelligence for targeting critical infrastructure operations.

Do attackers need authentication to exploit CVE-2025-40771?

No, attackers do not need authentication to exploit CVE-2025-40771. The vulnerability is specifically a Missing Authentication for Critical Function issue that allows unauthenticated remote attackers to access configuration data without any credentials. This makes the vulnerability particularly dangerous for industrial control systems exposed to network access.

Has Siemens patched CVE-2025-40771?

Yes, Siemens has patched the vulnerability. Version V2.4.24 and later versions of all affected SIMATIC ET 200SP communication processor models are not vulnerable. Organizations running versions prior to V2.4.24 should update to this version or later as soon as possible to protect their systems.

What versions of SIMATIC ET 200SP products are vulnerable?

All versions prior to V2.4.24 of the affected SIMATIC ET 200SP communication processor models are vulnerable. This includes all six product lines: SIMATIC CP 1542SP-1, SIMATIC CP 1542SP-1 IRC, SIMATIC CP 1543SP-1, SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL, SIPLUS ET 200SP CP 1543SP-1 ISEC, and SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL.

What should organizations do about CVE-2025-40771?

Organizations should update all affected SIMATIC ET 200SP communication processor products to version V2.4.24 or later as soon as possible. For organizations unable to immediately update, Siemens recommends implementing network access restrictions as an interim measure to limit exposure of vulnerable systems.

What mitigation is available if immediate patching is not possible?

Organizations unable to immediately update to version V2.4.24 or later must implement network access restrictions as an interim measure. This can help reduce exposure of vulnerable communication processors while organizations plan and implement the permanent fix of updating to the patched version.

What are SIMATIC ET 200SP communication processors used for?

SIMATIC ET 200SP communication processors are industrial automation components used in critical infrastructure and manufacturing environments. They manage communications and configuration for distributed I/O systems, making them essential components in operational technology environments. The vulnerability in these devices poses significant risks to industrial control systems.

What type of vulnerability is CVE-2025-40771?

CVE-2025-40771 is classified as a Missing Authentication for Critical Function vulnerability. This type of vulnerability occurs when a system fails to properly authenticate users before granting access to critical functions, in this case allowing unauthenticated remote attackers to access sensitive configuration data that should be protected by proper authentication mechanisms.

Why is CVE-2025-40771 considered critical?

CVE-2025-40771 is considered critical with a CVSS score of 9.3 because it allows unauthenticated remote attackers to completely bypass authentication and access sensitive configuration data for industrial communication processors. The vulnerability requires no authentication, no user interaction, and affects critical infrastructure components used in manufacturing and industrial control systems worldwide. Unauthorized access to configuration data could enable further compromise of industrial systems.

How many Siemens product lines are affected by CVE-2025-40771?

Six product lines within the Siemens SIMATIC ET 200SP family are affected by CVE-2025-40771. These include three SIMATIC CP models and three SIPLUS ET 200SP CP models, all of which are communication processors used in industrial automation environments. All versions prior to V2.4.24 of these six product lines are vulnerable.

Advisory

Critical authentication flaw in Siemens SIMATIC ET 200SP Communication Processors exposes configuration data

Q: What is CVE-2025-40771?

CVE-2025-40771 is a critical security vulnerability with a CVSS score of 9.3 in multiple Siemens SIMATIC ET 200SP communication processor models. It is a Missing Authentication for Critical Function vulnerability that fails to properly authenticate configuration connections, allowing unauthenticated remote attackers to bypass security controls entirely and gain access to sensitive configuration data that manages the communication processors.

published: Oct. 16, 2025

Take action: If you're using Siemens SIMATIC ET 200SP communication processors, make sure they are isolated from the internet and accessible only from trusted networks. Then plan a regular update cucle to V2.4.24 or later. This is not an urgent patch, but don't ignore it.

Learn More

Siemens has patched a critical vulnerability in multiple SIMATIC ET 200SP communication processor models that could allow unauthenticated remote attackers to access sensitive configuration data.

The vulnerability is tracked as CVE-2025-40771 (CVSS score 9.3), is a Missing Authentication for Critical Function vulnerability that fails to properly authenticate configuration connections, enabling attackers to bypass security controls entirely and gain access to configuration data that manages the communication processors.

The vulnerability impacts six product lines within the Siemens SIMATIC ET 200SP family:

Siemens SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0): All versions prior to V2.4.24
Siemens SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0): All versions prior to V2.4.24
Siemens SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0): All versions prior to V2.4.24
Siemens SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0): All versions prior to V2.4.24
Siemens SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0): All versions prior to V2.4.24
Siemens SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0): All versions prior to V2.4.24

All affected products should be updated to version V2.4.24 or later.

Organizations unable to immediately update to version V2.4.24 or should must implement network access restrictions as an interim measure.

Critical authentication flaw in Siemens SIMATIC ET 200SP Communication Processors exposes configuration data

Read More
WHILL electric wheelchairs vulnerable to remote bluetooth hijacking
Schweitzer Engineering Labs Software Vulnerabilities expose remote code …
Multiple flaws reported in Growatt Cloud Platform
Hubitat Patches Critical Authorization Bypass in Elevation Hubs
Critical command injection flaw reported in Veeder-Root TLS4B …