PatchSiren

PatchSiren cyber security CVE debrief

CVE-2025-40935 Siemens CVE debrief

CVE-2025-40935 is a Siemens RUGGEDCOM vulnerability in the web service's TLS certificate upload handling. Because the device does not properly validate the uploaded input, an authenticated remote attacker can trigger a crash and reboot, resulting in a temporary denial of service. Siemens and CISA list V5.10.1 or later as the remediation for affected RUGGEDCOM V5.X models.

Vendor: Siemens
Product: RUGGEDCOM RMC8388 V5.X
CVSS: MEDIUM 4.3
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-12-09
Original CVE updated: 2026-01-14
Advisory published: 2025-12-09
Advisory updated: 2026-01-14

Who should care

Industrial network operators, OT administrators, and Siemens RUGGEDCOM defenders who manage affected V5.X devices—especially where the web service is reachable and certificate uploads are part of normal administration.

Technical summary

The flaw is an input validation failure during TLS certificate upload in the web service. The supplied CVSS vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L: network-reachable, low attack complexity, low privileges required (the attacker must already hold an account that can reach the upload function), no user interaction, unchanged scope, and an availability-only impact with no confidentiality or integrity loss. The documented effect is a device crash and reboot, i.e. a temporary denial of service.

Defensive priority

Medium priority, consistent with the 4.3 score: the attacker needs valid credentials and the impact is a reboot with no confidentiality or integrity loss. Patch promptly where affected devices are in production, reachable for remote administration, or deployed where availability is critical.

Recommended defensive actions

  • Update affected devices to V5.10.1 or later, as recommended by Siemens.
  • Restrict access to the web service to trusted administrative networks and accounts only.
  • Review who can upload TLS certificates and remove unnecessary administrative privileges.
  • Monitor affected devices for unexpected reboots and for TLS certificate upload activity outside planned change windows.
  • Follow CISA and Siemens industrial control system defense-in-depth guidance for segmentation, access control, and monitoring.
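Applying the first two actions across a fleet means deciding, per device, whether its running firmware is below the fixed release. The following is an added example for this debrief, not code from Siemens, CISA or PatchSiren. It parses version strings of the form V5.9.0 (that format is an assumption; check it against your own inventory export) and compares them numerically, because a plain string comparison ranks V5.9.0 above V5.10.1 and would wrongly mark a vulnerable device as fixed. Devices outside the V5.X line are flagged for manual review rather than assumed safe, since this debrief's evidence covers only V5.X. The inventory in the block is constructed sample data.

```python
import re
from typing import Dict, List, Tuple

# Remediated release named in the Siemens/CISA material for CVE-2025-40935.
FIXED_VERSION = (5, 10, 1)

# Assumption: inventory exports carry versions like "V5.9.0" or "5.10.1".
_VERSION_RE = re.compile(r"^[Vv]?(\d+)\.(\d+)(?:\.(\d+))?$")


def parse_version(text: str) -> Tuple[int, int, int]:
    """Turn 'V5.9.0' into (5, 9, 0) so tuples compare numerically, not lexically."""
    match = _VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = match.groups()
    return int(major), int(minor), int(patch or 0)


def assess(version: str) -> str:
    """Return 'update', 'fixed' or 'review' for one device's firmware version."""
    parsed = parse_version(version)
    if parsed[0] != 5:
        # Only the V5.X line is covered by this debrief's evidence; do not
        # assume other lines are safe, send them to the vendor advisory.
        return "review"
    return "update" if parsed < FIXED_VERSION else "fixed"


def triage(inventory: List[Dict[str, str]]) -> Dict[str, List[str]]:
    """Group device names by assessment; unparsable versions land in 'review'."""
    groups: Dict[str, List[str]] = {"update": [], "fixed": [], "review": []}
    for device in inventory:
        try:
            groups[assess(device["version"])].append(device["name"])
        except ValueError:
            groups["review"].append(device["name"])
    return groups


# Constructed sample inventory for this example (not real devices or data).
SAMPLE_INVENTORY = [
    {"name": "rmc-substation-a", "version": "V5.9.0"},
    {"name": "rmc-substation-b", "version": "V5.10.1"},
    {"name": "rmc-substation-c", "version": "V5.10.0"},
    {"name": "rmc-depot", "version": "V5.11.0"},
    {"name": "rmc-legacy", "version": "V4.3.7"},
    {"name": "rmc-unknown", "version": "n/a"},
]

if __name__ == "__main__":
    # The pitfall this example avoids: as strings, "V5.9.0" sorts after "V5.10.1".
    print("string compare says V5.9.0 >= V5.10.1:", "V5.9.0" >= "V5.10.1")
    for group, names in triage(SAMPLE_INVENTORY).items():
        print(f"{group:>6}: {', '.join(names) or '-'}")
```

Anything landing in the review bucket should be resolved against the Siemens advisory rather than closed out, and the version regex should be tightened to whatever your inventory system actually emits before the output is trusted for compliance reporting.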

Evidence notes

This debrief is based on the supplied CISA CSAF source item ICSA-26-015-05 and Siemens ProductCERT advisory SSA-763474 referenced therein. The source description states that affected devices do not properly validate input during TLS certificate upload, enabling an authenticated remote attacker to trigger a crash and reboot. The advisory was published on 2025-12-09 and republished/updated on 2026-01-14 with Siemens ProductCERT material. Remediation in the source is V5.10.1 or later.

Official resources

CVE-2025-40935 was published on 2025-12-09 in CISA advisory ICSA-26-015-05 and republished on 2026-01-14 with Siemens ProductCERT advisory SSA-763474. The issue affects Siemens RUGGEDCOM V5.X models and is addressed by updating to V5.10.1,