Buffer overflow in Siemens products - CVE-2025-40815

Vulnerability identifier: #VU118372

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2025-40815

CWE-ID: CWE-119

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Siemens

Affected software:
LOGO! 12/24RCE
LOGO! 12/24RCEo
LOGO! 230RCE
LOGO! 230RCEo
LOGO! 24CE
LOGO! 24CEo
LOGO! 24RCE
LOGO! 24RCEo
SIPLUS LOGO! 12/24RCE
SIPLUS LOGO! 12/24RCEo
SIPLUS LOGO! 230RCE
SIPLUS LOGO! 230RCEo
SIPLUS LOGO! 24CE
SIPLUS LOGO! 24CEo
SIPLUS LOGO! 24RCE
SIPLUS LOGO! 24RCEo

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing TCP packets. A remote administrator can trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Install updates from vendor's website.

• https://cert-portal.siemens.com/productcert/html/ssa-267056.html