CVE-2025-40818

Published: Dec 9, 2025Modified: Dec 10, 2025

3.3

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 1.8 / Impact: 1.4

Source: productcert@siemens.com

Description

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP4). Affected applications contain private SSL/TLS keys on the server that are not properly protected allowing any user with server access to read these keys. This could allow an authenticated attacker to impersonate the server potentially enabling man-in-the-middle, traffic decryption or unauthorized access to services that trust these certificates.

Affected (4)

Products: Siemens: Sinema Remote Connect Server

Siemens

1 product

Sinema Remote Connect Server

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Siemens Sinema Remote Connect Server	Before 3.2
Siemens Sinema Remote Connect Server	Version 3.2 sp1
Siemens Sinema Remote Connect Server	Version 3.2 sp2
Siemens Sinema Remote Connect Server	Version 3.2 sp3

Related CWEs

CWE-732

Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References (1)

https://cert-portal.siemens.com/productcert/html/ssa-626856.html

Source: productcert@siemens.com

Vendor Advisory

Timeline

No history available yet.