Sign-up

ID

VAR-202510-0483


CVE

CVE-2025-40774


DESCRIPTION

A vulnerability has been identified in SiPass integrated (All versions < V3.0). Affected server applications store user passwords encrypted in its database. Decryption keys are accessible to users with administrative privileges, allowing them to recover passwords. Successful exploitation of this vulnerability allows an attacker to obtain and use valid user passwords. This can lead to unauthorized access to user accounts, data breaches, and potential system compromise.

Trust: 1.0

sources: NVD: CVE-2025-40774

AFFECTED PRODUCTS

vendor:siemensmodel:sipass integratedscope:ltversion:3.00

Trust: 1.0

sources: NVD: CVE-2025-40774

CVSS

SEVERITY

CVSSV2

CVSSV3

productcert@siemens.com: CVE-2025-40774
value: MEDIUM

Trust: 1.0

productcert@siemens.com: CVE-2025-40774
baseSeverity: MEDIUM
baseScore: 4.4
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 0.8
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: NVD: CVE-2025-40774

PROBLEMTYPE DATA

problemtype:CWE-257

Trust: 1.0

sources: NVD: CVE-2025-40774

EXTERNAL IDS

db:SIEMENSid:SSA-599451

Trust: 1.0

db:NVDid:CVE-2025-40774

Trust: 1.0

sources: NVD: CVE-2025-40774

REFERENCES

url:https://cert-portal.siemens.com/productcert/html/ssa-599451.html

Trust: 1.0

sources: NVD: CVE-2025-40774

SOURCES

db:NVDid:CVE-2025-40774

LAST UPDATE DATE

2025-10-16T23:34:08.427000+00:00


SOURCES UPDATE DATE

db:NVDid:CVE-2025-40774date:2025-10-16T14:09:09.060

SOURCES RELEASE DATE

db:NVDid:CVE-2025-40774date:2025-10-14T10:15:38.850