CVE-2025-40584
Vexday Risk Score
13 (Low)
SSVC Decision (CISA)
Track
No sign of exploitation → monitor
CVSS 6.8 · EPSS 0.2% · KEV no · PoC — · Nuclei — · Metasploit — · Patch —
Lifecycle
12 Aug 2025: Published in NVD
Recommendation: Monitor. No sign of exploitation for now.
A vulnerability has been identified in SIMOTION SCOUT TIA V5.4 (All versions), SIMOTION SCOUT TIA V5.5 (All versions), SIMOTION SCOUT TIA V5.6 (All versions < V5.6 SP1 HF7), SIMOTION SCOUT TIA V5.7 (All versions < V5.7 SP1 HF1), SIMOTION SCOUT V5.4 (All versions), SIMOTION SCOUT V5.5 (All versions), SIMOTION SCOUT V5.6 (All versions < V5.6 SP1 HF7), SIMOTION SCOUT V5.7 (All versions < V5.7 SP1 HF1), SINAMICS STARTER V5.5 (All versions), SINAMICS STARTER V5.6 (All versions), SINAMICS STARTER V5.7 (All versions < V5.7 HF2). The affected application contains an XML External Entity Injection (XXE) vulnerability while parsing specially crafted XML files. This could allow an attacker to read arbitrary files in the system.
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Affected products
Siemens · SIMOTION SCOUT TIA V5.4
Siemens · SIMOTION SCOUT TIA V5.5
Siemens · SIMOTION SCOUT TIA V5.6
Siemens · SIMOTION SCOUT TIA V5.7
Siemens · SIMOTION SCOUT V5.4
Siemens · SIMOTION SCOUT V5.5
Siemens · SIMOTION SCOUT V5.6
Siemens · SIMOTION SCOUT V5.7
Siemens · SINAMICS STARTER V5.5
Siemens · SINAMICS STARTER V5.6
Siemens · SINAMICS STARTER V5.7