Mallory
Severity: Critical

Missing Authentication in Siemens SIMATIC CP 1542SP-1 / CP 1543SP-1 Configuration Connections

Identifiers: CVE-2025-40771 · CWE-306 (Missing Authentication for…)

CVE-2025-40771 is a missing-authentication vulnerability affecting Siemens SIMATIC and SIPLUS industrial communication processors, including SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0), SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0), SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0), SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0), and SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0), in all firmware versions prior to V2.4.24. The affected devices do not properly authenticate configuration connections: the root cause is the absence of authentication logic in the configuration connection handling path. As a result, a remote attacker can establish a configuration session without valid credentials and access device configuration data.


Analyst brief: impact, mitigation & remediation

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation allows an unauthenticated remote attacker to access configuration data exposed through the device configuration interface. The attacker may also be able to retrieve or modify that configuration data, compromising the confidentiality and potentially the integrity of the device configuration. The issue is remotely exploitable and requires neither user interaction nor prior authentication. According to the advisory, the vulnerability is limited to the configuration interface; operational communication channels are not affected.

Mitigation

If you can’t patch tonight, do this now.

If immediate patching is not possible, restrict network access to the affected devices' configuration interfaces to trusted administrative hosts and management networks only. Minimize exposure by isolating industrial control system networks, enforcing segmentation between operational and administrative networks, and blocking unneeded paths to configuration services from untrusted or external networks. Because the flaw is unauthenticated and remotely exploitable, reducing reachable attack surface around the configuration connection path is the primary interim mitigation until firmware V2.4.24 or later can be deployed.

Remediation

Patch, then assume compromise.

Upgrade affected devices to firmware version V2.4.24 or later. Siemens identifies V2.4.24 as the fixed release for the affected SIMATIC and SIPLUS communication processor models. Organizations should consult Siemens ProductCERT advisory SSA-486936 and apply the vendor-provided firmware updates to all impacted devices running versions earlier than V2.4.24.
Public exploits

No public exploits tracked yet; no public exploit code has been observed for this vulnerability.
