Details of VAR-202510-0482

ID

VAR-202510-0482

CVE

CVE-2025-40772

TITLE

Siemens' SiPass integrated Cross-site scripting vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2025-016454

DESCRIPTION

A vulnerability has been identified in SiPass integrated (All versions < V3.0). Affected server applications are vulnerable to stored Cross-Site Scripting (XSS), allowing an attacker to inject malicious code that can be executed by other users when they visit the affected page. Successful exploitation allows an attacker to impersonate other users within the application and steal their session data. This could enable unauthorized access to accounts and potentially lead to privilege escalation. Siemens' SiPass integrated Exists in a cross-site scripting vulnerability.Information may be obtained and information may be tampered with

Trust: 1.62

sources: NVD: CVE-2025-40772 // JVNDB: JVNDB-2025-016454

AFFECTED PRODUCTS

vendor:	siemens	model:	sipass integrated	scope:	lt	version:	3.00	Trust: 1.0
vendor:	シーメンス	model:	sipass integrated	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	sipass integrated	scope:	eq	version:	3.00	Trust: 0.8
vendor:	シーメンス	model:	sipass integrated	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2025-016454 // NVD: CVE-2025-40772

CVSS

SEVERITY

CVSSV2

CVSSV3

productcert@siemens.com:	CVE-2025-40772
value:	HIGH
Trust: 1.0
nvd@nist.gov:	CVE-2025-40772
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2025-40772
value:	MEDIUM
Trust: 0.8

productcert@siemens.com:	CVE-2025-40772
baseSeverity:	HIGH
baseScore:	7.4
vectorString:	CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.5
impactScore:	5.9
version:	3.1
Trust: 1.0
nvd@nist.gov:	CVE-2025-40772
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.7
version:	3.1
Trust: 1.0
NVD:	CVE-2025-40772
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2025-016454 // NVD: CVE-2025-40772 // NVD: CVE-2025-40772

PROBLEMTYPE DATA

problemtype:	CWE-79	Trust: 1.0
problemtype:	Cross-site scripting (CWE-79) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2025-016454 // NVD: CVE-2025-40772

EXTERNAL IDS

db:	NVD	id:	CVE-2025-40772	Trust: 2.6
db:	SIEMENS	id:	SSA-599451	Trust: 1.8
db:	ICS CERT	id:	ICSA-25-289-06	Trust: 0.8
db:	JVN	id:	JVNVU90351979	Trust: 0.8
db:	JVNDB	id:	JVNDB-2025-016454	Trust: 0.8

sources: JVNDB: JVNDB-2025-016454 // NVD: CVE-2025-40772

REFERENCES

url:	https://cert-portal.siemens.com/productcert/html/ssa-599451.html	Trust: 1.8
url:	https://jvn.jp/vu/jvnvu90351979/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2025-40772	Trust: 0.8
url:	https://www.cisa.gov/news-events/ics-advisories/icsa-25-289-06	Trust: 0.8

sources: JVNDB: JVNDB-2025-016454 // NVD: CVE-2025-40772

SOURCES

db:	JVNDB	id:	JVNDB-2025-016454
db:	NVD	id:	CVE-2025-40772

LAST UPDATE DATE

2025-11-22T23:12:01.430000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2025-016454	date:	2025-10-20T07:14:00
db:	NVD	id:	CVE-2025-40772	date:	2025-10-16T15:02:58.310

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2025-016454	date:	2025-10-20T00:00:00
db:	NVD	id:	CVE-2025-40772	date:	2025-10-14T10:15:38.470