PatchSiren

CVE-2025-40897 Siemens CVE debrief

CVE-2025-40897 is an access control flaw in the Threat Intelligence functionality of Siemens RUGGEDCOM APE1808. An authenticated user with view-only privileges can perform administrative actions, which can alter rules configuration and affect availability. The advisory rates the issue HIGH (CVSS 8.1) and maps it to CWE-863 (incorrect authorization).

Vendor: Siemens
Product: RUGGEDCOM APE1808
CVSS: HIGH 8.1
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-01-13
Original CVE updated: 2026-05-14
Advisory published: 2026-01-13
Advisory updated: 2026-05-14

Who should care

OT/ICS security teams, Siemens RUGGEDCOM APE1808 administrators, and any organization that delegates view-only access to Threat Intelligence while relying on the rules configuration for operational control.

Technical summary

The supplied CISA/Siemens advisory says a specific access restriction was not properly enforced for users with view-only privileges in Threat Intelligence. Because the authorization check fails, an authenticated low-privilege user may carry out administrative actions, changing configuration and potentially disrupting availability. The advisory lists CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H and CWE-863.

Defensive priority

High

Recommended defensive actions

  • Review Threat Intelligence role assignments and confirm that view-only accounts cannot access any administrative functions.
  • Apply vendor guidance from the official Siemens/CISA advisories as soon as feasible and verify the exact affected product/update path before deployment.
  • Audit rules and configuration changes for unexpected or unauthorized modifications.
  • Restrict administrative access to the minimum necessary personnel and separate read-only and admin workflows.
  • Use CISA ICS recommended practices and defense-in-depth guidance to limit the impact of privileged-account misuse.

Evidence notes

The source advisory is CISA ICSA-26-015-07 for Siemens RUGGEDCOM APE1808, published 2026-01-13 and last updated 2026-05-14. Its revision history shows CVE-2025-40897 was added in revision 5 on 2026-05-12 and the advisory was republished in revision 6 on 2026-05-14. The supplied remediation field says 'Upgrade Nozomi Guardian to v26.2.0,' which does not match the Siemens RUGGEDCOM APE1808 advisory title; treat that remediation text cautiously and confirm against the Siemens ProductCERT references.

Official resources

CVE-2025-40897 was published on 2026-01-13 and modified on 2026-05-14. The supplied enrichment does not list the issue in CISA KEV. The CISA advisory indicates the CVE was added in a later republication rather than the initial release.