What is CVE-2025-40943?

CVE-2025-40943 is a critical-severity vulnerability in Siemens Simatic Drive Controller Cpu 1504d Tf, classified under Eval Injection. CVSS score: 9.6/10. Published 2026-03-10.

How severe is CVE-2025-40943?

Critical severity. CVSS v3 base score is 9.6 out of 10.

RCE in Siemens Simatic Drive Controller Cpu 1504d Tf

CVE-2025-40943

Affected devices do not properly sanitize contents of trace files. This could allow an attacker to inject code through social engineering an authorized user, who has the function right "Read diagnostics", to import a specially crafted t…

EPSS: 0.001 (17.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.6 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H.

Affected products

Siemens Simatic Drive Controller Cpu 1504d Tf — versions 0
Siemens Simatic Drive Controller Cpu 1507d Tf — versions 0
Siemens Simatic Et 200sp Cpu 1510sp-1 Pn — versions 0
Siemens Simatic Et 200sp Cpu 1510sp F-1 Pn — versions 0
Siemens Simatic Et 200sp Cpu 1512sp-1 Pn — versions 0
Siemens Simatic Et 200sp Cpu 1512sp F-1 Pn — versions 0
Siemens Simatic Et 200sp Cpu 1514sp-2 Pn — versions 0
Siemens Simatic Et 200sp Cpu 1514sp F-2 Pn — versions 0
Siemens Simatic Et 200sp Cpu 1514spt-2 Pn — versions 0
Siemens Simatic Et 200sp Cpu 1514spt F-2 Pn — versions 0

Weakness classification (CWE)

CWE-95 — Eval Injection

References

cert-portal.siemens.com/productcert/html/ssa-452276.html

Frequently asked questions

What is CVE-2025-40943?: CVE-2025-40943 is a critical-severity vulnerability in Siemens Simatic Drive Controller Cpu 1504d Tf, classified under Eval Injection. CVSS score: 9.6/10. Published 2026-03-10.
How severe is CVE-2025-40943?: Critical severity. CVSS v3 base score is 9.6 out of 10.