ID

VAR-202512-0066


CVE

CVE-2025-40818


DESCRIPTION

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP4). Affected applications contain private SSL/TLS keys on the server that are not properly protected, allowing any user with server access to read these keys. This could allow an authenticated attacker to impersonate the server, potentially enabling man-in-the-middle attacks, traffic decryption, or unauthorized access to services that trust these certificates.

Trust: 1.0

sources: NVD: CVE-2025-40818

AFFECTED PRODUCTS

vendor: siemens
model: sinema remote connect server
scope: eq
version: 3.2

Trust: 1.0

vendor: siemens
model: sinema remote connect server
scope: lt
version: 3.2

Trust: 1.0

sources: NVD: CVE-2025-40818

CVSS

SEVERITY

CVSSV2

CVSSV3

productcert@siemens.com: CVE-2025-40818
value: LOW

Trust: 1.0

productcert@siemens.com: CVE-2025-40818
baseSeverity: LOW
baseScore: 3.3
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 1.4
version: 3.1

Trust: 1.0

sources: NVD: CVE-2025-40818

PROBLEMTYPE DATA

problemtype: CWE-732

Trust: 1.0

sources: NVD: CVE-2025-40818

EXTERNAL IDS

db: SIEMENS
id: SSA-626856

Trust: 1.0

db: NVD
id: CVE-2025-40818

Trust: 1.0

sources: NVD: CVE-2025-40818

REFERENCES

url: https://cert-portal.siemens.com/productcert/html/ssa-626856.html

Trust: 1.0

sources: NVD: CVE-2025-40818

SOURCES

db: NVD
id: CVE-2025-40818

LAST UPDATE DATE

2025-12-19T19:39:42.993000+00:00


SOURCES UPDATE DATE

db: NVD
id: CVE-2025-40818
date: 2025-12-10T21:42:48.550

SOURCES RELEASE DATE

db: NVD
id: CVE-2025-40818
date: 2025-12-09T16:17:46.040