Vulnerability-Lookup

CNVD-2026-10344

Vulnerability from cnvd - Published: 2026-02-06

Title

Siemens RUGGEDCOM输入验证错误漏洞

Description

Siemens RUGGEDCOM是德国西门子（Siemens）公司的一个通信设备。为电力，交通，石油和天然气及其他行业提供快速可靠的通信。 Siemens RUGGEDCOM存在输入验证错误漏洞，该漏洞源于TLS证书上传过程中输入验证不足，攻击者可利用该漏洞导致设备崩溃和重启。

Severity

中

Patch Name

Siemens RUGGEDCOM输入验证错误漏洞的补丁

Patch Description

Siemens RUGGEDCOM是德国西门子（Siemens）公司的一个通信设备。为电力，交通，石油和天然气及其他行业提供快速可靠的通信。 Siemens RUGGEDCOM存在输入验证错误漏洞，该漏洞源于TLS证书上传过程中输入验证不足，攻击者可利用该漏洞导致设备崩溃和重启。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://cert-portal.siemens.com/productcert/html/ssa-763474.html

Reference

https://nvd.nist.gov/vuln/detail/CVE-2025-40935

Impacted products

Name
['SIEMENS RUGGEDCOM RMC8388 V5.X <V5.10.1', 'SIEMENS RUGGEDCOM RS416Pv2 V5.X <V5.10.1', 'SIEMENS RUGGEDCOM RS416v2 V5.X <V5.10.1', 'SIEMENS RUGGEDCOM RS900 (32M) V5.X <V5.10.1', 'SIEMENS RUGGEDCOM RS900G (32M) V5.X <V5.10.1', 'SIEMENS RUGGEDCOM RSG2100 (32M) V5.X <V5.10.1', 'SIEMENS RUGGEDCOM RSG2100P (32M) V5.X <V5.10.1', 'SIEMENS RUGGEDCOM RSG2288 V5.X <V5.10.1', 'SIEMENS RUGGEDCOM RSG2300 V5.X <V5.10.1', 'SIEMENS RUGGEDCOM RSG2300P V5.X <V5.10.1', 'SIEMENS RUGGEDCOM RSG2488 V5.X <V5.10.1', 'Siemens RUGGEDCOM RSG907R <V5.10.1', 'Siemens RUGGEDCOM RSG908C <V5.10.1', 'Siemens RUGGEDCOM RSG909R <V5.10.1', 'Siemens RUGGEDCOM RSG910C <V5.10.1', 'SIEMENS RUGGEDCOM RSG920P V5.X <V5.10.1', 'Siemens RUGGEDCOM RSL910 <V5.10.1', 'Siemens RUGGEDCOM RST2228 <V5.10.1', 'Siemens RUGGEDCOM RST2228P <V5.10.1', 'Siemens RUGGEDCOM RST916C <V5.10.1', 'Siemens RUGGEDCOM RST916P <V5.10.1']

Name

['SIEMENS RUGGEDCOM RMC8388 V5.X <V5.10.1', 'SIEMENS RUGGEDCOM RS416Pv2 V5.X <V5.10.1', 'SIEMENS RUGGEDCOM RS416v2 V5.X <V5.10.1', 'SIEMENS RUGGEDCOM RS900 (32M) V5.X <V5.10.1', 'SIEMENS RUGGEDCOM RS900G (32M) V5.X <V5.10.1', 'SIEMENS RUGGEDCOM RSG2100 (32M) V5.X <V5.10.1', 'SIEMENS RUGGEDCOM RSG2100P (32M) V5.X <V5.10.1', 'SIEMENS RUGGEDCOM RSG2288 V5.X <V5.10.1', 'SIEMENS RUGGEDCOM RSG2300 V5.X <V5.10.1', 'SIEMENS RUGGEDCOM RSG2300P V5.X <V5.10.1', 'SIEMENS RUGGEDCOM RSG2488 V5.X <V5.10.1', 'Siemens RUGGEDCOM RSG907R <V5.10.1', 'Siemens RUGGEDCOM RSG908C <V5.10.1', 'Siemens RUGGEDCOM RSG909R <V5.10.1', 'Siemens RUGGEDCOM RSG910C <V5.10.1', 'SIEMENS RUGGEDCOM RSG920P V5.X <V5.10.1', 'Siemens RUGGEDCOM RSL910 <V5.10.1', 'Siemens RUGGEDCOM RST2228 <V5.10.1', 'Siemens RUGGEDCOM RST2228P <V5.10.1', 'Siemens RUGGEDCOM RST916C <V5.10.1', 'Siemens RUGGEDCOM RST916P <V5.10.1']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2025-40935",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2025-40935"
    }
  },
  "description": "Siemens RUGGEDCOM\u662f\u5fb7\u56fd\u897f\u95e8\u5b50\uff08Siemens\uff09\u516c\u53f8\u7684\u4e00\u4e2a\u901a\u4fe1\u8bbe\u5907\u3002\u4e3a\u7535\u529b\uff0c\u4ea4\u901a\uff0c\u77f3\u6cb9\u548c\u5929\u7136\u6c14\u53ca\u5176\u4ed6\u884c\u4e1a\u63d0\u4f9b\u5feb\u901f\u53ef\u9760\u7684\u901a\u4fe1\u3002\n\nSiemens RUGGEDCOM\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eTLS\u8bc1\u4e66\u4e0a\u4f20\u8fc7\u7a0b\u4e2d\u8f93\u5165\u9a8c\u8bc1\u4e0d\u8db3\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u8bbe\u5907\u5d29\u6e83\u548c\u91cd\u542f\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://cert-portal.siemens.com/productcert/html/ssa-763474.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2026-10344",
  "openTime": "2026-02-06",
  "patchDescription": "Siemens RUGGEDCOM\u662f\u5fb7\u56fd\u897f\u95e8\u5b50\uff08Siemens\uff09\u516c\u53f8\u7684\u4e00\u4e2a\u901a\u4fe1\u8bbe\u5907\u3002\u4e3a\u7535\u529b\uff0c\u4ea4\u901a\uff0c\u77f3\u6cb9\u548c\u5929\u7136\u6c14\u53ca\u5176\u4ed6\u884c\u4e1a\u63d0\u4f9b\u5feb\u901f\u53ef\u9760\u7684\u901a\u4fe1\u3002\r\n\r\nSiemens RUGGEDCOM\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eTLS\u8bc1\u4e66\u4e0a\u4f20\u8fc7\u7a0b\u4e2d\u8f93\u5165\u9a8c\u8bc1\u4e0d\u8db3\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u8bbe\u5907\u5d29\u6e83\u548c\u91cd\u542f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Siemens RUGGEDCOM\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "SIEMENS RUGGEDCOM RMC8388 V5.X \u003cV5.10.1",
      "SIEMENS RUGGEDCOM RS416Pv2 V5.X \u003cV5.10.1",
      "SIEMENS RUGGEDCOM RS416v2 V5.X \u003cV5.10.1",
      "SIEMENS RUGGEDCOM RS900 (32M) V5.X \u003cV5.10.1",
      "SIEMENS RUGGEDCOM RS900G (32M) V5.X \u003cV5.10.1",
      "SIEMENS RUGGEDCOM RSG2100 (32M) V5.X \u003cV5.10.1",
      "SIEMENS RUGGEDCOM RSG2100P (32M) V5.X \u003cV5.10.1",
      "SIEMENS RUGGEDCOM RSG2288 V5.X \u003cV5.10.1",
      "SIEMENS RUGGEDCOM RSG2300 V5.X \u003cV5.10.1",
      "SIEMENS RUGGEDCOM RSG2300P V5.X \u003cV5.10.1",
      "SIEMENS RUGGEDCOM RSG2488 V5.X \u003cV5.10.1",
      "Siemens RUGGEDCOM RSG907R \u003cV5.10.1",
      "Siemens RUGGEDCOM RSG908C \u003cV5.10.1",
      "Siemens RUGGEDCOM RSG909R \u003cV5.10.1",
      "Siemens RUGGEDCOM RSG910C \u003cV5.10.1",
      "SIEMENS RUGGEDCOM RSG920P V5.X \u003cV5.10.1",
      "Siemens RUGGEDCOM RSL910 \u003cV5.10.1",
      "Siemens RUGGEDCOM RST2228 \u003cV5.10.1",
      "Siemens RUGGEDCOM RST2228P \u003cV5.10.1",
      "Siemens RUGGEDCOM RST916C \u003cV5.10.1",
      "Siemens RUGGEDCOM RST916P \u003cV5.10.1"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2025-40935",
  "serverity": "\u4e2d",
  "submitTime": "2025-12-15",
  "title": "Siemens RUGGEDCOM\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e"
}

CVE-2025-40935 (GCVE-0-2025-40935)

Vulnerability from cvelistv5 – Published: 2025-12-09 10:44 – Updated: 2025-12-09 15:35

Summary

A vulnerability has been identified in RUGGEDCOM RMC8388 V5.X (All versions < V5.10.1), RUGGEDCOM RS416Pv2 V5.X (All versions < V5.10.1), RUGGEDCOM RS416v2 V5.X (All versions < V5.10.1), RUGGEDCOM RS900 (32M) V5.X (All versions < V5.10.1), RUGGEDCOM RS900G (32M) V5.X (All versions < V5.10.1), RUGGEDCOM RSG2100 (32M) V5.X (All versions < V5.10.1), RUGGEDCOM RSG2100P (32M) V5.X (All versions < V5.10.1), RUGGEDCOM RSG2288 V5.X (All versions < V5.10.1), RUGGEDCOM RSG2300 V5.X (All versions < V5.10.1), RUGGEDCOM RSG2300P V5.X (All versions < V5.10.1), RUGGEDCOM RSG2488 V5.X (All versions < V5.10.1), RUGGEDCOM RSG907R (All versions < V5.10.1), RUGGEDCOM RSG908C (All versions < V5.10.1), RUGGEDCOM RSG909R (All versions < V5.10.1), RUGGEDCOM RSG910C (All versions < V5.10.1), RUGGEDCOM RSG920P V5.X (All versions < V5.10.1), RUGGEDCOM RSL910 (All versions < V5.10.1), RUGGEDCOM RST2228 (All versions < V5.10.1), RUGGEDCOM RST2228P (All versions < V5.10.1), RUGGEDCOM RST916C (All versions < V5.10.1), RUGGEDCOM RST916P (All versions < V5.10.1). Affected devices do not properly validate input during the TLS certificate upload process of the web service. This could allow an authenticated remote attacker to trigger a device crash and reboot, leading to a temporary Denial of Service on the device.

Severity ?

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

5.3 (Medium)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

CWE

CWE-20 - Improper Input Validation

Assigner

siemens

References

URL

Tags

https://cert-portal.siemens.com/productcert/html/…

Impacted products

Vendor

Product

Version

Siemens

RUGGEDCOM RMC8388 V5.X

Affected: 0 , < V5.10.1 (custom)

Siemens	RUGGEDCOM RS416Pv2 V5.X	Affected: 0 , < V5.10.1 (custom)
Siemens	RUGGEDCOM RS416v2 V5.X	Affected: 0 , < V5.10.1 (custom)
Siemens	RUGGEDCOM RS900 (32M) V5.X	Affected: 0 , < V5.10.1 (custom)
Siemens	RUGGEDCOM RS900G (32M) V5.X	Affected: 0 , < V5.10.1 (custom)
Siemens	RUGGEDCOM RSG2100 (32M) V5.X	Affected: 0 , < V5.10.1 (custom)
Siemens	RUGGEDCOM RSG2100P (32M) V5.X	Affected: 0 , < V5.10.1 (custom)
Siemens	RUGGEDCOM RSG2288 V5.X	Affected: 0 , < V5.10.1 (custom)
Siemens	RUGGEDCOM RSG2300 V5.X	Affected: 0 , < V5.10.1 (custom)
Siemens	RUGGEDCOM RSG2300P V5.X	Affected: 0 , < V5.10.1 (custom)
Siemens	RUGGEDCOM RSG2488 V5.X	Affected: 0 , < V5.10.1 (custom)
Siemens	RUGGEDCOM RSG907R	Affected: 0 , < V5.10.1 (custom)
Siemens	RUGGEDCOM RSG908C	Affected: 0 , < V5.10.1 (custom)
Siemens	RUGGEDCOM RSG909R	Affected: 0 , < V5.10.1 (custom)
Siemens	RUGGEDCOM RSG910C	Affected: 0 , < V5.10.1 (custom)
Siemens	RUGGEDCOM RSG920P V5.X	Affected: 0 , < V5.10.1 (custom)
Siemens	RUGGEDCOM RSL910	Affected: 0 , < V5.10.1 (custom)
Siemens	RUGGEDCOM RST2228	Affected: 0 , < V5.10.1 (custom)
Siemens	RUGGEDCOM RST2228P	Affected: 0 , < V5.10.1 (custom)
Siemens	RUGGEDCOM RST916C	Affected: 0 , < V5.10.1 (custom)
Siemens	RUGGEDCOM RST916P	Affected: 0 , < V5.10.1 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-40935",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-09T15:34:03.895420Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-09T15:35:36.265Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RMC8388 V5.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.10.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS416Pv2 V5.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.10.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS416v2 V5.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.10.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS900 (32M) V5.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.10.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS900G (32M) V5.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.10.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSG2100 (32M) V5.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.10.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSG2100P (32M) V5.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.10.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSG2288 V5.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.10.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSG2300 V5.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.10.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSG2300P V5.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.10.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSG2488 V5.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.10.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSG907R",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.10.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSG908C",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.10.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSG909R",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.10.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSG910C",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.10.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSG920P V5.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.10.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSL910",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.10.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RST2228",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.10.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RST2228P",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.10.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RST916C",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.10.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RST916P",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.10.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in RUGGEDCOM RMC8388 V5.X (All versions \u003c V5.10.1), RUGGEDCOM RS416Pv2 V5.X (All versions \u003c V5.10.1), RUGGEDCOM RS416v2 V5.X (All versions \u003c V5.10.1), RUGGEDCOM RS900 (32M) V5.X (All versions \u003c V5.10.1), RUGGEDCOM RS900G (32M) V5.X (All versions \u003c V5.10.1), RUGGEDCOM RSG2100 (32M) V5.X (All versions \u003c V5.10.1), RUGGEDCOM RSG2100P (32M) V5.X (All versions \u003c V5.10.1), RUGGEDCOM RSG2288 V5.X (All versions \u003c V5.10.1), RUGGEDCOM RSG2300 V5.X (All versions \u003c V5.10.1), RUGGEDCOM RSG2300P V5.X (All versions \u003c V5.10.1), RUGGEDCOM RSG2488 V5.X (All versions \u003c V5.10.1), RUGGEDCOM RSG907R (All versions \u003c V5.10.1), RUGGEDCOM RSG908C (All versions \u003c V5.10.1), RUGGEDCOM RSG909R (All versions \u003c V5.10.1), RUGGEDCOM RSG910C (All versions \u003c V5.10.1), RUGGEDCOM RSG920P V5.X (All versions \u003c V5.10.1), RUGGEDCOM RSL910 (All versions \u003c V5.10.1), RUGGEDCOM RST2228 (All versions \u003c V5.10.1), RUGGEDCOM RST2228P (All versions \u003c V5.10.1), RUGGEDCOM RST916C (All versions \u003c V5.10.1), RUGGEDCOM RST916P (All versions \u003c V5.10.1). Affected devices do not properly validate input during the TLS certificate upload process of the web service. This could allow an authenticated remote attacker to trigger a device crash and reboot, leading to a temporary Denial of Service on the device."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        },
        {
          "cvssV4_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20: Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-09T10:44:34.649Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-763474.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2025-40935",
    "datePublished": "2025-12-09T10:44:34.649Z",
    "dateReserved": "2025-04-16T09:06:15.878Z",
    "dateUpdated": "2025-12-09T15:35:36.265Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2026-10344

CVE-2025-40935 (GCVE-0-2025-40935)

Tags

Sightings

Nomenclature