#VU118372 Buffer overflow in Siemens products - CVE-2025-40815

Vulnerability identifier: #VU118372

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2025-40815

CWE-ID: CWE-119

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
LOGO! 12/24RCE
LOGO! 12/24RCEo
LOGO! 230RCE
LOGO! 230RCEo
LOGO! 24CE
LOGO! 24CEo
LOGO! 24RCE
LOGO! 24RCEo
SIPLUS LOGO! 12/24RCE
SIPLUS LOGO! 12/24RCEo
SIPLUS LOGO! 230RCE
SIPLUS LOGO! 230RCEo
SIPLUS LOGO! 24CE
SIPLUS LOGO! 24CEo
SIPLUS LOGO! 24RCE
SIPLUS LOGO! 24RCEo

Software vendor:
Siemens

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing TCP packets. A remote administrator can trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Install updates from vendor's website.

• https://cert-portal.siemens.com/productcert/html/ssa-267056.html