PatchSiren

CVE-2025-40941 Siemens CVE debrief

CVE-2025-40941 is a medium-severity information disclosure issue affecting Siemens SIMATIC CN 4100. According to the advisory, affected devices may expose server information in responses, which could help an attacker with network access profile the target and increase the likelihood of targeted attacks. Siemens provides a fix in V4.0.1 or later, and the supplied corpus does not indicate KEV listing or known active exploitation.

Vendor: Siemens
Product: SIMATIC CN 4100
CVSS: MEDIUM 4.3
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-12-09
Original CVE updated: 2025-12-09
Advisory published: 2025-12-09
Advisory updated: 2025-12-09

Who should care

OT/ICS operators, Siemens SIMATIC CN 4100 administrators, network defenders monitoring industrial environments, and asset owners who expose this device to broader internal networks or remote management paths.

Technical summary

The issue is described as server information being exposed in device responses. CISA lists the CVSS v3.1 vector as AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N (4.3): the issue is reachable over the network with low attack complexity, requires low privileges and no user interaction, and has a low confidentiality impact with no integrity or availability impact. The supplier remediation in the corpus is to update to V4.0.1 or later.

Defensive priority

Moderate priority. The impact is limited to information disclosure, but the device is in an OT/ICS context where exposed server details can aid reconnaissance and follow-on targeting.

Recommended defensive actions

  • Verify whether Siemens SIMATIC CN 4100 devices are present in your environment and identify their firmware versions.
  • Apply Siemens' remediation by updating to V4.0.1 or later.
  • Restrict network access to the device to trusted management segments and minimize exposure to unnecessary internal or external hosts.
  • Review logs and management exposure for unexpected access to SIMATIC CN 4100 services.
  • Use the CISA ICS recommended practices and defense-in-depth guidance for segmentation and hardening of industrial networks.

Evidence notes

Source corpus: CISA CSAF advisory ICSA-26-015-12 and Siemens advisory SSA-416652. The advisory text states that affected devices expose server information in responses and that this could aid targeted attacks. The supplied corpus lists Siemens as vendor, SIMATIC CN 4100 as product, CVSS 3.1 vector AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N, and remediation to update to V4.0.1 or later. Enrichment in the corpus indicates no KEV entry and no known ransomware campaign use.

Official resources

Publicly disclosed via CISA and Siemens advisories in the supplied corpus on 2025-12-09.