CVE-2025-40820 - Vulnerability Details

Affected products do not properly enforce TCP sequence number validation in specific scenarios but accept values within a broad range. This could allow an unauthenticated remote attacker e.g. to interfere with connection setup, potentially leading to a denial of service. The attack succeeds only if an attacker can inject IP packets with spoofed addresses at precisely timed moments, and it affects only TCP-based services.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Siemens	Sidoor Atd430w Sidoor Ate530s Coated Simatic Simatic Cfc Simatic Cfu Diq Simatic Cfu Pa Simatic Et200al Im 157-1 Pn Simatic Et200sp Im155-6 Mf Hf Simatic Et 200mp Im 155-5 Pn Hf Simatic Et 200s Simatic Pcs Simatic Pdm Simatic S7-1500 Cpu 1510sp-1 Pn Simatic S7-1500 Cpu 1510sp F-1 Pn Simatic S7-1500 Cpu 1512sp-1 Pn Simatic S7-1500 Cpu 1512sp F-1 Pn

No data.

References

Link	Providers
https://cert-portal.siemens.com/productcert/html/ssa-915282.html

History

Wed, 10 Dec 2025 18:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Siemens Siemens sidoor Atd430w Siemens sidoor Ate530s Coated Siemens simatic Siemens simatic Cfc Siemens simatic Cfu Diq Siemens simatic Cfu Pa Siemens simatic Et200al Im 157-1 Pn Siemens simatic Et200sp Im155-6 Mf Hf Siemens simatic Et 200mp Im 155-5 Pn Hf Siemens simatic Et 200s Siemens simatic Pcs Siemens simatic Pdm Siemens simatic S7-1500 Cpu 1510sp-1 Pn Siemens simatic S7-1500 Cpu 1510sp F-1 Pn Siemens simatic S7-1500 Cpu 1512sp-1 Pn Siemens simatic S7-1500 Cpu 1512sp F-1 Pn
Vendors & Products		Siemens Siemens sidoor Atd430w Siemens sidoor Ate530s Coated Siemens simatic Siemens simatic Cfc Siemens simatic Cfu Diq Siemens simatic Cfu Pa Siemens simatic Et200al Im 157-1 Pn Siemens simatic Et200sp Im155-6 Mf Hf Siemens simatic Et 200mp Im 155-5 Pn Hf Siemens simatic Et 200s Siemens simatic Pcs Siemens simatic Pdm Siemens simatic S7-1500 Cpu 1510sp-1 Pn Siemens simatic S7-1500 Cpu 1510sp F-1 Pn Siemens simatic S7-1500 Cpu 1512sp-1 Pn Siemens simatic S7-1500 Cpu 1512sp F-1 Pn

Tue, 09 Dec 2025 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 09 Dec 2025 11:00:00 +0000

Type	Values Removed	Values Added
Description		Affected products do not properly enforce TCP sequence number validation in specific scenarios but accept values within a broad range. This could allow an unauthenticated remote attacker e.g. to interfere with connection setup, potentially leading to a denial of service. The attack succeeds only if an attacker can inject IP packets with spoofed addresses at precisely timed moments, and it affects only TCP-based services.
Weaknesses		CWE-940
References		https://cert-portal.siemens.com/productcert/html/ssa-915282.html
Metrics		cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}` cvssV4_0 `{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: siemens

Published: 2025-12-09T10:44:30.977Z

Updated: 2025-12-09T15:55:23.400Z

Reserved: 2025-04-16T08:50:26.975Z

Link: CVE-2025-40820

Vulnrichment

Updated: 2025-12-09T15:55:01.982Z

NVD

Status : Awaiting Analysis

Published: 2025-12-09T16:17:46.413

Modified: 2025-12-09T18:36:53.557

Link: CVE-2025-40820

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable yes

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object