CVE-2025-40594

MEDIUM 6.3

CVSS Score

6.3

EPSS Score

0.0%

EPSS Percentile

0th

A vulnerability has been identified in SINAMICS G220 V6.4 (All versions < V6.4 HF2), SINAMICS S200 V6.4 (All versions < V6.4 HF7), SINAMICS S210 V6.4 (All versions < V6.4 HF2). The affected devices allow a factory reset to be executed without the required privileges due to improper privilege management as well as manipulation of configuration data because of leaked privileges of previous sessions. This could allow an unauthorized attacker to escalate their privileges.

CWE	CWE-269
Vendor	siemens
Product	sinamics g220 v6.4
Ecosystems	ICS/SCADA
Industries	IndustrialManufacturing
Published	Sep 9, 2025
Last Updated	Mar 10, 2026

Stay Ahead of the Next One

Get instant alerts for siemens sinamics g220 v6.4

Be the first to know when new medium vulnerabilities affecting siemens sinamics g220 v6.4 are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:L

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

Siemens / SINAMICS G220 V6.4

0 < V6.4 HF2

Siemens / SINAMICS S200 V6.4

0 < V6.4 HF7

Siemens / SINAMICS S210 V6.4

0 < V6.4 HF2

References

NVD ↗ CVE.org ↗ EPSS Data ↗

cert-portal.siemens.com: https://cert-portal.siemens.com/productcert/html/ssa-027652.html