PatchSiren cyber security CVE debrief
CVE-2025-40568 Siemens CVE debrief
CVE-2025-40568 is an authorization flaw in the web interface session-termination function of affected Siemens products. An authenticated remote attacker with the guest role could terminate legitimate users’ sessions, creating a service-disruption risk rather than a confidentiality or integrity issue. The advisory was published on 2025-06-10 and later republished on 2026-01-14 with Siemens ProductCERT material; a 2026-01-13 revision corrected one SCALANCE family to known not affected.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: MEDIUM 4.3
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-06-10
- Original CVE updated: 2026-01-14
- Advisory published: 2025-06-10
- Advisory updated: 2026-01-14
Who should care
Siemens customers and operators running affected RUGGEDCOM RST2428P or impacted SCALANCE devices, especially OT administrators, network operations teams, and security teams responsible for account governance and firmware maintenance.
Technical summary
The issue is an incorrect authorization check in an internal session-termination function exposed through the web interface. Because the attacker must already be authenticated and hold the guest role, the impact is limited to availability: a guest user may be able to terminate other users’ sessions. The supplied CVSS vector reflects network reachability, low attack complexity, low privileges, no user interaction, unchanged scope, no confidentiality or integrity impact, and low availability impact.
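To make the class of defect concrete, the following is an added, constructed model of a session-termination function with and without a proper authorization check. It is not Siemens code and does not reflect the actual implementation; the role names, the session store, and the AuthorizationError type are assumptions chosen for illustration.

```python
"""Constructed example: a session-termination handler that verifies only
that the caller is authenticated (the weak form) next to one that also
verifies the caller is entitled to end the targeted session.
Role names ("guest", "admin") and the store layout are assumptions."""
from dataclasses import dataclass, field


class AuthorizationError(Exception):
    """Raised when the caller may not perform the requested action."""


@dataclass
class Session:
    session_id: str
    user: str
    role: str  # assumed role names: "guest", "operator", "admin"


@dataclass
class SessionStore:
    _sessions: dict = field(default_factory=dict)

    def create(self, session_id: str, user: str, role: str) -> Session:
        s = Session(session_id, user, role)
        self._sessions[session_id] = s
        return s

    def active(self) -> set:
        return set(self._sessions)

    def terminate_unchecked(self, caller_id: str, target_id: str) -> bool:
        """Weak form: authentication is checked, authorization is not.
        Any logged-in caller, guest included, can end any session."""
        if caller_id not in self._sessions:
            raise AuthorizationError("caller is not authenticated")
        return self._sessions.pop(target_id, None) is not None

    def terminate_checked(self, caller_id: str, target_id: str) -> bool:
        """Hardened form: the caller must own the target session or hold
        the admin role. Missing targets are reported without leaking
        whether the caller would have been allowed to end them."""
        caller = self._sessions.get(caller_id)
        if caller is None:
            raise AuthorizationError("caller is not authenticated")
        target = self._sessions.get(target_id)
        if target is None:
            return False
        owns_target = caller.user == target.user
        if not owns_target and caller.role != "admin":
            raise AuthorizationError(
                f"role {caller.role!r} may not terminate another user's session"
            )
        del self._sessions[target_id]
        return True


def demo() -> dict:
    """Run both variants against the same constructed state and report
    which sessions survive; the weak variant lets the guest evict admin."""
    weak = SessionStore()
    weak.create("s-admin", "alice", "admin")
    weak.create("s-guest", "bob", "guest")
    weak.terminate_unchecked("s-guest", "s-admin")  # guest ends admin session

    strong = SessionStore()
    strong.create("s-admin", "alice", "admin")
    strong.create("s-guest", "bob", "guest")
    try:
        strong.terminate_checked("s-guest", "s-admin")
        denied = False
    except AuthorizationError:
        denied = True
    own = strong.terminate_checked("s-guest", "s-guest")  # ending own session is fine

    return {
        "weak_remaining": weak.active(),
        "strong_denied_cross_user": denied,
        "strong_own_session_ended": own,
        "strong_remaining": strong.active(),
    }


if __name__ == "__main__":
    print(demo())
```

The point the example makes for reviewers of any management-plane interface: an authentication check on the endpoint is not an authorization check on the object being acted on, and the object-level check has to be applied to the specific session identifier supplied by the caller.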
Defensive priority
Medium. The flaw is authenticated-only and availability-focused, but it affects OT network and device management interfaces where session disruption can still interfere with operations.
Recommended defensive actions
- Update affected devices to Siemens version V3.2 or later, per the vendor remediation.
- Verify exact model and part number against the Siemens/CISA affected-product list before scheduling changes.
- Review guest-role assignments and remove or minimize guest access where operationally possible.
- Apply OT defense-in-depth and access-control practices from CISA guidance, including limiting administrative exposure and monitoring management-plane activity.
- If immediate updating is not possible, use compensating controls to restrict access to the web interface and closely monitor for unexpected session termination events.
Evidence notes
This debrief is based on the CISA CSAF advisory ICSA-25-162-04 and the linked Siemens ProductCERT advisory SSA-693776. The source description states that the vulnerability is an incorrect authorization check in internal session termination functionality and that an authenticated remote attacker with guest role could terminate legitimate users’ sessions. Remediation is listed as V3.2 or later for the affected product IDs. The source advisory revision history shows an initial publication on 2025-06-10, a 2026-01-13 correction to one SCALANCE family being known not affected, and a 2026-01-14 republication of Siemens ProductCERT advisory content.
Official resources
- CVE-2025-40568 CVE record (CVE.org)
- CVE-2025-40568 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source references (seven additional reference entries; URLs not retained in stored evidence)
Published 2025-06-10; modified 2026-01-14. Source revision history notes a 2026-01-13 correction and a 2026-01-14 republication of Siemens ProductCERT advisory content.