CVE-2025-40820 - Vulnerability Details

Affected products do not properly enforce TCP sequence number validation in specific scenarios but accept values within a broad range. This could allow an unauthenticated remote attacker e.g. to interfere with connection setup, potentially leading to a denial of service. The attack succeeds only if an attacker can inject IP packets with spoofed addresses at precisely timed moments, and it affects only TCP-based services.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00062.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Siemens Subscribe	Sidoor Atd430w Subscribe Sidoor Ate530s Coated Subscribe Simatic Subscribe Simatic Cfc Subscribe Simatic Cfu Diq Subscribe Simatic Cfu Pa Subscribe Simatic Et200al Im 157-1 Pn Subscribe Simatic Et200sp Im155-6 Mf Hf Subscribe Simatic Et 200mp Im 155-5 Pn Hf Subscribe Simatic Et 200s Subscribe Simatic Pcs Subscribe Simatic Pdm Subscribe Simatic S7-1500 Cpu 1510sp-1 Pn Subscribe Simatic S7-1500 Cpu 1510sp F-1 Pn Subscribe Simatic S7-1500 Cpu 1512sp-1 Pn Subscribe Simatic S7-1500 Cpu 1512sp F-1 Pn Subscribe

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products
Siemens Subscribe	Sidoor Atd430w Subscribe Sidoor Ate530s Coated Subscribe Simatic Subscribe Simatic Cfc Subscribe Simatic Cfu Diq Subscribe Simatic Cfu Pa Subscribe Simatic Et200al Im 157-1 Pn Subscribe Simatic Et200sp Im155-6 Mf Hf Subscribe Simatic Et 200mp Im 155-5 Pn Hf Subscribe Simatic Et 200s Subscribe Simatic Pcs Subscribe Simatic Pdm Subscribe Simatic S7-1500 Cpu 1510sp-1 Pn Subscribe Simatic S7-1500 Cpu 1510sp F-1 Pn Subscribe Simatic S7-1500 Cpu 1512sp-1 Pn Subscribe Simatic S7-1500 Cpu 1512sp F-1 Pn Subscribe

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://cert-portal.siemens.com/productcert/html/ssa-915282.html

History

Wed, 10 Dec 2025 18:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Siemens Siemens sidoor Atd430w Siemens sidoor Ate530s Coated Siemens simatic Siemens simatic Cfc Siemens simatic Cfu Diq Siemens simatic Cfu Pa Siemens simatic Et200al Im 157-1 Pn Siemens simatic Et200sp Im155-6 Mf Hf Siemens simatic Et 200mp Im 155-5 Pn Hf Siemens simatic Et 200s Siemens simatic Pcs Siemens simatic Pdm Siemens simatic S7-1500 Cpu 1510sp-1 Pn Siemens simatic S7-1500 Cpu 1510sp F-1 Pn Siemens simatic S7-1500 Cpu 1512sp-1 Pn Siemens simatic S7-1500 Cpu 1512sp F-1 Pn
Vendors & Products		Siemens Siemens sidoor Atd430w Siemens sidoor Ate530s Coated Siemens simatic Siemens simatic Cfc Siemens simatic Cfu Diq Siemens simatic Cfu Pa Siemens simatic Et200al Im 157-1 Pn Siemens simatic Et200sp Im155-6 Mf Hf Siemens simatic Et 200mp Im 155-5 Pn Hf Siemens simatic Et 200s Siemens simatic Pcs Siemens simatic Pdm Siemens simatic S7-1500 Cpu 1510sp-1 Pn Siemens simatic S7-1500 Cpu 1510sp F-1 Pn Siemens simatic S7-1500 Cpu 1512sp-1 Pn Siemens simatic S7-1500 Cpu 1512sp F-1 Pn

Tue, 09 Dec 2025 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 09 Dec 2025 11:00:00 +0000

Type	Values Removed	Values Added
Description		Affected products do not properly enforce TCP sequence number validation in specific scenarios but accept values within a broad range. This could allow an unauthenticated remote attacker e.g. to interfere with connection setup, potentially leading to a denial of service. The attack succeeds only if an attacker can inject IP packets with spoofed addresses at precisely timed moments, and it affects only TCP-based services.
Weaknesses		CWE-940
References		https://cert-portal.siemens.com/productcert/html/ssa-915282.html
Metrics		cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}` cvssV4_0 `{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: siemens

Published: 2025-12-09T10:44:30.977Z

Updated: 2025-12-09T15:55:23.400Z

Reserved: 2025-04-16T08:50:26.975Z

Link: CVE-2025-40820

Vulnrichment

Updated: 2025-12-09T15:55:01.982Z

NVD

Status : Awaiting Analysis

Published: 2025-12-09T16:17:46.413

Modified: 2025-12-09T18:36:53.557

Link: CVE-2025-40820

Redhat

No data.

OpenCVE Enrichment

Updated: 2025-12-10T17:52:04Z

Weaknesses

CWE-940

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable yes

Technical Impact partial

Affected Vendors & Products

Projects

JSON object

JSON object

JSON object

JSON object

JSON object