Sign-up

ID

VAR-202510-0484


CVE

CVE-2025-40773


DESCRIPTION

A vulnerability has been identified in SiPass integrated (All versions < V3.0). Affected server applications contains a broken access control vulnerability. The authorization mechanism lacks sufficient server-side checks, allowing an attacker to execute a specific API request. Successful exploitation allows an attacker to potentially manipulate data belonging to other users.

Trust: 1.0

sources: NVD: CVE-2025-40773

AFFECTED PRODUCTS

vendor:siemensmodel:sipass integratedscope:ltversion:3.00

Trust: 1.0

sources: NVD: CVE-2025-40773

CVSS

SEVERITY

CVSSV2

CVSSV3

productcert@siemens.com: CVE-2025-40773
value: MEDIUM

Trust: 1.0

nvd@nist.gov: CVE-2025-40773
value: MEDIUM

Trust: 1.0

productcert@siemens.com: CVE-2025-40773
baseSeverity: LOW
baseScore: 3.5
vectorString: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.1
impactScore: 1.4
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2025-40773
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

sources: NVD: CVE-2025-40773 // NVD: CVE-2025-40773

PROBLEMTYPE DATA

problemtype:CWE-639

Trust: 1.0

sources: NVD: CVE-2025-40773

EXTERNAL IDS

db:SIEMENSid:SSA-599451

Trust: 1.0

db:NVDid:CVE-2025-40773

Trust: 1.0

sources: NVD: CVE-2025-40773

REFERENCES

url:https://cert-portal.siemens.com/productcert/html/ssa-599451.html

Trust: 1.0

sources: NVD: CVE-2025-40773

SOURCES

db:NVDid:CVE-2025-40773

LAST UPDATE DATE

2025-10-16T23:34:08.439000+00:00


SOURCES UPDATE DATE

db:NVDid:CVE-2025-40773date:2025-10-16T15:01:12.293

SOURCES RELEASE DATE

db:NVDid:CVE-2025-40773date:2025-10-14T10:15:38.667