PatchSiren cyber security CVE debrief
CVE-2025-40742 Cert Portal CVE debrief
CVE-2025-40742 affects a broad set of Siemens SIPROTEC 5 and Compact 7SX800 devices. The issue is that some device functions place session identifiers in URL requests, which can expose those identifiers through browser history, logs, or other storage mechanisms. If an attacker obtains such data, it could contribute to unauthorized access. The CVE was published on 2025-07-08 and last modified on 2026-05-12.
- Vendor
- Cert Portal
- Product
- Unknown
- CVSS
- MEDIUM 6
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-07-08
- Original CVE updated
- 2026-05-12
- Advisory published
- 2025-07-08
- Advisory updated
- 2026-05-12
Who should care
OT security teams, substation and grid operators, protection relay administrators, Siemens SIPROTEC 5 customers, and anyone responsible for monitoring logs, browser artifacts, or remote access workflows involving these devices.
Technical summary
NVD classifies the weakness as CWE-598 (Information Exposure Through Query Strings in GET Request), with a CVSS v4.0 score of 6.0 (Medium). The supplied record describes affected SIPROTEC 5 models and notes that session identifiers are included in URL requests for certain functionalities. Because URLs can be preserved in browser history, proxy records, web server logs, and similar storage, those identifiers may be retrievable by an attacker with access to such artifacts. NVD lists the vulnerability status as Deferred in the supplied metadata.
Defensive priority
Medium. This is not marked as known exploited in the supplied corpus, but it affects many operational devices and can expose credentials or session material indirectly through routine logging and history artifacts.
Recommended defensive actions
- Review the Siemens advisory referenced by NVD for the exact affected model and version combinations.
- Identify whether any SIPROTEC 5 management or service workflows in your environment pass session identifiers in URLs.
- Check for logging, proxying, or browser-history retention that could preserve sensitive URL parameters.
- Limit access to operational logs and workstation/browser artifacts that may contain session data.
- Apply vendor guidance or firmware updates when available, especially for versions listed as below V11.0 in the supplied record.
- Invalidate and rotate any session material that may have been exposed in logs or history.
- Prefer authentication and session handling patterns that do not place identifiers in URLs where operationally possible.
Evidence notes
Evidence is limited to the supplied CVE record and NVD metadata. The record states that affected devices include session identifiers in URL requests for certain functionalities and that this can expose sensitive session data via browser history, logs, or other storage mechanisms. NVD supplies CWE-598, CVSS 4.0 vector details, publication date 2025-07-08, modification date 2026-05-12, and a reference to Siemens advisory SSA-904646. No additional advisory text was supplied here.
Official resources
-
CVE-2025-40742 CVE record
CVE.org
-
CVE-2025-40742 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
Publicly disclosed CVE. No exploit code or weaponized reproduction is included here.