Description

Affected products do not properly enforce TCP sequence number validation in specific scenarios but accept values within a broad range. This could allow an unauthenticated remote attacker e.g. to interfere with connection setup, potentially leading to a denial of service. The attack succeeds only if an attacker can inject IP packets with spoofed addresses at precisely timed moments, and it affects only TCP-based services.

INFO

Published Date :

2025-12-09T10:44:30.977Z

Last Modified :

2025-12-09T15:55:23.400Z

Source :

siemens
AFFECTED PRODUCTS

The following products are affected by CVE-2025-40820 vulnerability.

Vendors Products
Siemens
  • Sidoor Atd430w
  • Sidoor Ate530s Coated
  • Simatic
  • Simatic Cfc
  • Simatic Cfu Diq
  • Simatic Cfu Pa
  • Simatic Et200al Im 157-1 Pn
  • Simatic Et200sp Im155-6 Mf Hf
  • Simatic Et 200mp Im 155-5 Pn Hf
  • Simatic Et 200s
  • Simatic Pcs
  • Simatic Pdm
  • Simatic S7-1500 Cpu 1510sp-1 Pn
  • Simatic S7-1500 Cpu 1510sp F-1 Pn
  • Simatic S7-1500 Cpu 1512sp-1 Pn
  • Simatic S7-1500 Cpu 1512sp F-1 Pn
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-40820.

URL Resource
https://cert-portal.siemens.com/productcert/html/ssa-915282.html cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact