What is the CVSS score of CVE-2025-40568?

CVE-2025-40568 has a CVSS 3.1 base score of 4.3 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L. EPSS exploitation probability: 0.1%.

Which versions of Siemens are affected by CVE-2025-40568?

Organizations using A vulnerability should be aware of moderate risk from CVE-2025-40568, a incorrect authorization vulnerability rated CVSS 4.3.

How to fix or mitigate CVE-2025-40568?

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

Siemens CVE-2025-40568

EUVD-2025-17680 MEDIUM

Incorrect Authorization (CWE-863)

2025-06-10 productcert@siemens.com

Authentication Bypass Siemens

4.3

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

Lifecycle Timeline

EUVD ID Assigned

Mar 14, 2026 - 19:49 euvd

EUVD-2025-17680

Analysis Generated

Mar 14, 2026 - 19:49 vuln.today

CVE Published

Jun 10, 2025 - 16:15 nvd

MEDIUM 4.3

DescriptionNVD

A vulnerability has been identified in RUGGEDCOM RST2428P (6GK6242-6PA00) (All versions < V3.2), SCALANCE XCH328 (6GK5328-4TS01-2EC2) (All versions < V3.2), SCALANCE XCM324 (6GK5324-8TS01-2AC2) (All versions < V3.2), SCALANCE XCM328 (6GK5328-4TS01-2AC2) (All versions < V3.2), SCALANCE XCM332 (6GK5332-0GA01-2AC2) (All versions < V3.2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3) (All versions < V3.2), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3) (All versions < V3.2), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3) (All versions < V3.2), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3) (All versions < V3.2), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3) (All versions < V3.2), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3) (All versions < V3.2), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3) (All versions < V3.2), SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3) (All versions < V3.2), SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3) (All versions < V3.2), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3) (All versions < V3.2). An internal session termination functionality in the web interface of affected products contains an incorrect authorization check vulnerability. This could allow an authenticated remote attacker with "guest" role to terminate legitimate users' sessions.

AnalysisAI

A security vulnerability in A vulnerability (CVSS 4.3). Remediation should follow standard vulnerability management procedures.

Technical ContextAI

CWE-863 (Incorrect Authorization). Affects A vulnerability.

RemediationAI

Monitor vendor channels for patch availability.

CVE-2025-40568 vulnerability details – vuln.today

Back

Siemens CVE-2025-40568

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code