Details of VAR-202510-0483

ID

VAR-202510-0483

CVE

CVE-2025-40774

TITLE

Siemens' SiPass integrated Vulnerability in storing passwords in a recoverable format in

Trust: 0.8

sources: JVNDB: JVNDB-2025-016445

DESCRIPTION

A vulnerability has been identified in SiPass integrated (All versions < V3.0). Affected server applications store user passwords encrypted in its database. Decryption keys are accessible to users with administrative privileges, allowing them to recover passwords. Successful exploitation of this vulnerability allows an attacker to obtain and use valid user passwords. This can lead to unauthorized access to user accounts, data breaches, and potential system compromise. Siemens' SiPass integrated contains a vulnerability related to storing passwords in a recoverable format.Information may be obtained

Trust: 1.62

sources: NVD: CVE-2025-40774 // JVNDB: JVNDB-2025-016445

AFFECTED PRODUCTS

vendor:	siemens	model:	sipass integrated	scope:	lt	version:	3.00	Trust: 1.0
vendor:	シーメンス	model:	sipass integrated	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	sipass integrated	scope:	eq	version:	3.00	Trust: 0.8
vendor:	シーメンス	model:	sipass integrated	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2025-016445 // NVD: CVE-2025-40774

CVSS

SEVERITY

CVSSV2

CVSSV3

productcert@siemens.com:	CVE-2025-40774
value:	MEDIUM
Trust: 1.0
OTHER:	JVNDB-2025-016445
value:	MEDIUM
Trust: 0.8

productcert@siemens.com:	CVE-2025-40774
baseSeverity:	MEDIUM
baseScore:	4.4
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	0.8
impactScore:	3.6
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2025-016445
baseSeverity:	MEDIUM
baseScore:	4.4
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2025-016445 // NVD: CVE-2025-40774

PROBLEMTYPE DATA

problemtype:	CWE-257	Trust: 1.0
problemtype:	Password storage in recoverable form (CWE-257) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2025-016445 // NVD: CVE-2025-40774

EXTERNAL IDS

db:	NVD	id:	CVE-2025-40774	Trust: 2.6
db:	SIEMENS	id:	SSA-599451	Trust: 1.8
db:	ICS CERT	id:	ICSA-25-289-06	Trust: 0.8
db:	JVN	id:	JVNVU90351979	Trust: 0.8
db:	JVNDB	id:	JVNDB-2025-016445	Trust: 0.8

sources: JVNDB: JVNDB-2025-016445 // NVD: CVE-2025-40774

REFERENCES

url:	https://cert-portal.siemens.com/productcert/html/ssa-599451.html	Trust: 1.8
url:	https://jvn.jp/vu/jvnvu90351979/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2025-40774	Trust: 0.8
url:	https://www.cisa.gov/news-events/ics-advisories/icsa-25-289-06	Trust: 0.8

sources: JVNDB: JVNDB-2025-016445 // NVD: CVE-2025-40774

SOURCES

db:	JVNDB	id:	JVNDB-2025-016445
db:	NVD	id:	CVE-2025-40774

LAST UPDATE DATE

2025-11-22T23:12:01.394000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2025-016445	date:	2025-10-20T06:11:00
db:	NVD	id:	CVE-2025-40774	date:	2025-10-16T14:09:09.060

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2025-016445	date:	2025-10-20T00:00:00
db:	NVD	id:	CVE-2025-40774	date:	2025-10-14T10:15:38.850