PatchSiren cyber security CVE debrief

CVE-2025-40567 Siemens CVE debrief

CVE-2025-40567 is a Siemens industrial network device vulnerability in the web interface’s "Load Rollback" function. An authenticated remote user with only the guest role can cause the device to roll back configuration changes made by privileged users, creating an integrity risk for operational settings. Siemens and CISA list 15 affected products and advise updating to V3.2 or later.

Vendor: Siemens
Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
CVSS: MEDIUM 6.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-06-10
Original CVE updated: 2026-01-14
Advisory published: 2025-06-10
Advisory updated: 2026-01-14

Who should care

OT and industrial network teams running Siemens RUGGEDCOM RST2428P or affected SCALANCE models should care most, especially where the web interface is exposed and guest accounts are enabled.

Technical summary

The flaw is an incorrect authorization check in the "Load Rollback" feature. The source advisory states that a remote authenticated attacker with guest privileges can invoke rollback behavior on affected devices and revert privileged configuration changes. The supplied CVSS vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N, indicating network reachability and a primary integrity impact.

Defensive priority

Medium overall; higher priority in environments that expose the device web interface or rely on guest-role access controls for operational segmentation.

Recommended defensive actions

  • Identify exposed Siemens devices in the affected product list and confirm firmware/version status.
  • Update to V3.2 or later using the vendor remediation referenced in the advisory.
  • Restrict or remove guest-role access to the web interface where operationally feasible.
  • Review recent configuration history and rollback events for unexpected changes.
  • Follow CISA ICS hardening and defense-in-depth guidance for management-plane exposure and account control.
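The first two actions above become a repeatable inventory check once firmware strings are compared numerically rather than as text. The example below is added here and is not from the debrief, Siemens or CISA: it parses Siemens-style version strings, compares each affected device against the V3.2 remediation version, and ranks the vulnerable ones by whether the web interface is exposed and guest accounts are enabled. The inventory is constructed for the example, and AFFECTED_MODELS is an assumed placeholder containing only the model this page names; the full 15-product list has to be copied from the advisory.

```python
import re
from dataclasses import dataclass

# Assumed affected-model set. The debrief names RUGGEDCOM RST2428P; the advisory lists
# 15 products in total, so the remaining entries must be taken from ICSA-25-162-04 / SSA-693776.
AFFECTED_MODELS = {"RUGGEDCOM RST2428P"}
FIXED_VERSION = "V3.2"  # remediation version stated in the advisory


def parse_version(text):
    """Parse a Siemens-style firmware string such as 'V3.1.1' into a tuple of ints.

    Returns None when the string is not a recognisable version so the caller can
    flag the device for manual verification instead of guessing."""
    m = re.fullmatch(r"\s*V?(\d+(?:\.\d+)*)\s*", text or "", re.IGNORECASE)
    if not m:
        return None
    return tuple(int(p) for p in m.group(1).split("."))


def version_lt(a, b):
    """Numeric comparison with right-padding, so V3.2 equals V3.2.0 and V3.10 is newer than V3.2."""
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)) < b + (0,) * (width - len(b))


@dataclass
class Device:
    name: str
    model: str
    firmware: str
    web_ui_exposed: bool   # management web interface reachable beyond the OT management network
    guest_enabled: bool    # guest-role accounts present on the web interface


def triage(devices):
    """Classify each inventory entry against the affected list and the fixed version.

    priority: 'high'   = vulnerable build, web UI exposed and guest accounts enabled
              'medium' = vulnerable build otherwise
              'verify' = firmware string unreadable, check the device by hand
              'none'   = already at V3.2 or later
    Models outside AFFECTED_MODELS are skipped."""
    fixed = parse_version(FIXED_VERSION)
    findings = []
    for dev in devices:
        if dev.model not in AFFECTED_MODELS:
            continue
        current = parse_version(dev.firmware)
        if current is None:
            findings.append({"name": dev.name, "status": "unknown-version", "priority": "verify"})
        elif version_lt(current, fixed):
            priority = "high" if (dev.web_ui_exposed and dev.guest_enabled) else "medium"
            findings.append({"name": dev.name, "status": "vulnerable", "priority": priority})
        else:
            findings.append({"name": dev.name, "status": "patched", "priority": "none"})
    return findings


# Constructed inventory for the example; device names, versions and the non-Siemens entry are made up.
SAMPLE_INVENTORY = [
    Device("core-sw-01", "RUGGEDCOM RST2428P", "V3.1.1", web_ui_exposed=True, guest_enabled=True),
    Device("core-sw-02", "RUGGEDCOM RST2428P", "V3.1.1", web_ui_exposed=False, guest_enabled=True),
    Device("core-sw-03", "RUGGEDCOM RST2428P", "V3.2", web_ui_exposed=True, guest_enabled=True),
    Device("core-sw-04", "RUGGEDCOM RST2428P", "V3.10", web_ui_exposed=True, guest_enabled=True),
    Device("core-sw-05", "RUGGEDCOM RST2428P", "n/a", web_ui_exposed=True, guest_enabled=False),
    Device("edge-fw-01", "ExampleVendor Firewall (placeholder)", "2.0", web_ui_exposed=True, guest_enabled=False),
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_INVENTORY):
        print(f"{finding['name']:<12} {finding['status']:<16} {finding['priority']}")
```

The padded tuple comparison is the part worth keeping: a plain string comparison would rank V3.10 below V3.2 and report a patched device as vulnerable, and an unreadable firmware field is surfaced as "verify" rather than silently treated as safe.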

Evidence notes

Primary evidence comes from CISA CSAF advisory ICSA-25-162-04, which republishes Siemens ProductCERT advisory SSA-693776 and describes the incorrect authorization check in "Load Rollback." The source metadata lists CVE publication on 2025-06-10 and a later CISA republication on 2026-01-14. The advisory lists 15 affected Siemens products, including RUGGEDCOM RST2428P and multiple SCALANCE XCH/XCM/XRH/XRM models, with remediation to update to V3.2 or later. The supplied CVSS vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N.

Official resources

Publicly disclosed in CISA CSAF advisory ICSA-25-162-04 on 2025-06-10, based on Siemens ProductCERT advisory SSA-693776, with a later CISA republication on 2026-01-14.