What is CVE-2025-40771?

CVE-2025-40771 is a critical-severity vulnerability in Siemens Simatic Cp 1542sp-1, classified under Missing Authentication for Critical Function. CVSS score: 9.8/10. Published 2025-10-14.

How severe is CVE-2025-40771?

Critical severity. CVSS v3 base score is 9.8 out of 10.

Auth bypass in Siemens Simatic Cp 1542sp-1

CVE-2025-40771

A vulnerability has been identified in SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) (All versions < V2.4.24), SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0) (All versions < V2.4.24), SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) (All versions < V2.4…

Vulnerability class: Broken Authentication

EPSS: 0.001 (31.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Siemens Simatic Cp 1542sp-1 — versions 0
Siemens Simatic Cp 1542sp-1 Irc — versions 0
Siemens Simatic Cp 1543sp-1 — versions 0
Siemens Siplus Et 200sp Cp 1542sp-1 Irc Tx Rail — versions 0
Siemens Siplus Et 200sp Cp 1543sp-1 Isec — versions 0
Siemens Siplus Et 200sp Cp 1543sp-1 Isec Tx Rail — versions 0

Weakness classification (CWE)

CWE-306 — Missing Authentication for Critical Function

References

cert-portal.siemens.com/productcert/html/ssa-486936.html

Frequently asked questions

What is CVE-2025-40771?: CVE-2025-40771 is a critical-severity vulnerability in Siemens Simatic Cp 1542sp-1, classified under Missing Authentication for Critical Function. CVSS score: 9.8/10. Published 2025-10-14.
How severe is CVE-2025-40771?: Critical severity. CVSS v3 base score is 9.8 out of 10.