CVE-2025-40742
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-40742
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions), SIPROTEC 5 6MD86 (CP300) (All versions), SIPROTEC 5 6MD89 (CP300) (All versions), SIPROTEC 5 6MD89 (CP300) V9.6 (All versions), SIPROTEC 5 6MU85 (CP300) (All versions), SIPROTEC 5 7KE85 (CP300) (All versions), SIPROTEC 5 7SA82 (CP100) (All versions), SIPROTEC 5 7SA82 (CP150) (All versions), SIPROTEC 5 7SA86 (CP300) (All versions), SIPROTEC 5 7SA87 (CP300) (All versions), SIPROTEC 5 7SD82 (CP100) (All versions), SIPROTEC 5 7SD82 (CP150) (All versions), SIPROTEC 5 7SD86 (CP300) (All versions), SIPROTEC 5 7SD87 (CP300) (All versions), SIPROTEC 5 7SJ81 (CP100) (All versions), SIPROTEC 5 7SJ81 (CP150) (All versions), SIPROTEC 5 7SJ82 (CP100) (All versions), SIPROTEC 5 7SJ82 (CP150) (All versions), SIPROTEC 5 7SJ85 (CP300) (All versions), SIPROTEC 5 7SJ86 (CP300) (All versions), SIPROTEC 5 7SK82 (CP100) (All versions), SIPROTEC 5 7SK82 (CP150) (All versions), SIPROTEC 5 7SK85 (CP300) (All versions), SIPROTEC 5 7SL82 (CP100) (All versions), SIPROTEC 5 7SL82 (CP150) (All versions), SIPROTEC 5 7SL86 (CP300) (All versions), SIPROTEC 5 7SL87 (CP300) (All versions), SIPROTEC 5 7SS85 (CP300) (All versions), SIPROTEC 5 7ST85 (CP300) (All versions), SIPROTEC 5 7ST86 (CP300) (All versions), SIPROTEC 5 7SX82 (CP150) (All versions), SIPROTEC 5 7SX85 (CP300) (All versions), SIPROTEC 5 7SY82 (CP150) (All versions), SIPROTEC 5 7UM85 (CP300) (All versions), SIPROTEC 5 7UT82 (CP100) (All versions), SIPROTEC 5 7UT82 (CP150) (All versions), SIPROTEC 5 7UT85 (CP300) (All versions), SIPROTEC 5 7UT86 (CP300) (All versions), SIPROTEC 5 7UT87 (CP300) (All versions), SIPROTEC 5 7VE85 (CP300) (All versions), SIPROTEC 5 7VK87 (CP300) (All versions), SIPROTEC 5 7VU85 (CP300) (All versions), SIPROTEC 5 Compact 7SX800 (CP050) (All versions). The affected devices include session identifiers in URL requests for certain functionalities. This could allow an attacker to retrieve sensitive session data from browser history, logs, or other storage mechanisms, potentially leading to unauthorized access.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
通过GET请求中的查询字符串导致的信息暴露
Source: NVD (National Vulnerability Database)
Vulnerability Title
Siemens多款产品 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Siemens SIPROTEC 5 6MD84等都是德国西门子(Siemens)公司的一款继电器设备。 Siemens多款产品存在安全漏洞,该漏洞源于URL请求中包含会话标识符,可能导致未授权访问。以下产品受到影响:SIPROTEC 5 6MD84和SIPROTEC 5 6MD85和SIPROTEC 5 6MD86和SIPROTEC 5 6MD89和SIPROTEC 5 6MD89 V9.6和SIPROTEC 5 6MU85和SIPROTEC 5 7KE85和SIPROTEC 5 7SA82和SIPRO
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2025-40742
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-40742
请登录查看更多情报信息。
Same Patch Batch · Siemens · 2025-07-08 · 18 CVEs total
| CVE-2025-40736 | 9.8 CRITICAL | Siemens SINEC NMS 访问控制错误漏洞 |
| CVE-2025-41224 | 8.8 HIGH | Siemens多款产品 安全漏洞 |
| CVE-2025-40738 | 8.8 HIGH | Siemens SINEC NMS 路径遍历漏洞 |
| CVE-2025-40737 | 8.8 HIGH | Siemens SINEC NMS 路径遍历漏洞 |
| CVE-2025-40735 | 8.8 HIGH | Siemens SINEC NMS SQL注入漏洞 |
| CVE-2024-31853 | 8.1 HIGH | Siemens SICAM TOOLBOX II 信任管理问题漏洞 |
| CVE-2024-31854 | 8.1 HIGH | Siemens SICAM TOOLBOX II 信任管理问题漏洞 |
| CVE-2025-40741 | 7.8 HIGH | Siemens Solid Edge SE2025 安全漏洞 |
| CVE-2025-40740 | 7.8 HIGH | Siemens Solid Edge SE2025 缓冲区错误漏洞 |
| CVE-2025-40739 | 7.8 HIGH | Siemens Solid Edge SE2025 缓冲区错误漏洞 |
| CVE-2025-23365 | 7.8 HIGH | Siemens TIA Administrator 访问控制错误漏洞 |
| CVE-2023-52236 | 7.0 HIGH | Siemens多款产品 加密问题漏洞 |
| CVE-2025-40593 | 6.5 MEDIUM | Siemens SIMATIC CN 4100 输入验证错误漏洞 |
| CVE-2025-23364 | 6.2 MEDIUM | Siemens TIA Administrator 数据伪造问题漏洞 |
| CVE-2025-41222 | 5.3 MEDIUM | Siemens多款产品 安全漏洞 |
| CVE-2025-41223 | 4.8 MEDIUM | Siemens多款产品 加密问题漏洞 |
| CVE-2025-27127 | 4.3 MEDIUM | Siemens多款产品 代码问题漏洞 |
IV. Related Vulnerabilities
Same weakness: CWE-598
- CVE-2026-34020
Apache OpenMeetings: Login Credentials Passed via GET Query - CVE-2026-25118
immich-server: Insecure Transmission of Authentication Crede - CVE-2026-33620
PinchTab: API Bearer Token Exposed in URL Query Parameter vi - CVE-2025-14808
IBM InfoSphere Information Server is vulnerable due to discl - CVE-2026-31381
Gainsight Assist plugin information disclosure
V. Comments for CVE-2025-40742
No comments yet