Vulnerability in Siemens Sirius 3rk3 Modular Safety System (Mss)
CVE-2025-24009
A vulnerability has been identified in SIRIUS 3RK3 Modular Safety System (MSS) (All versions), SIRIUS Safety Relays 3SK2 (All versions). The affected devices do not require authentication to access critical resources. An attacker with netw…
EPSS: 0.004 (28.0th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 5.9 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N.
Affected products
- Siemens Sirius 3rk3 Modular Safety System (Mss) — versions 0
- Siemens Sirius Safety Relays 3sk2 — versions 0
Weakness classification (CWE)
Public proof-of-concept exploits
References
Frequently asked questions
- What is CVE-2025-24009?
- CVE-2025-24009 is a medium-severity vulnerability in Siemens Sirius 3rk3 Modular Safety System (Mss), classified under Incorrect Permission Assignment for Critical Resource. CVSS score: 5.9/10. Published 2025-05-13.
- How severe is CVE-2025-24009?
- Medium severity. CVSS v3 base score is 5.9 out of 10.
- Is CVE-2025-24009 known to be exploited?
- 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.