← back
CVE-2025-23403

CVE-2025-23403

CVSS 7.3 HIGHEPSS 0.1%CWE-732
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7.3EPSS 0.1%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
11 Feb 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A vulnerability has been identified in SIMATIC IPC DiagBase (All versions), SIMATIC IPC DiagMonitor (All versions). The affected device do not properly restrict the user permission for the registry key. This could allow an authenticated attacker to load vulnerable drivers into the system leading to privilege escalation or bypassing endpoint protection and other security measures.
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected products
Siemens · SIMATIC IPC DiagBaseSiemens · SIMATIC IPC DiagMonitor

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://cert-portal.siemens.com/productcert/html/ssa-369369.html