CVE-2025-40819

Published: Dec 9, 2025Modified: Dec 10, 2025

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Exploitability: 2.8 / Impact: 1.4

Source: productcert@siemens.com

Description

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP4). Affected applications do not properly validate license restrictions against the database, allowing direct modification of the system_ticketinfo table to bypass license limitations without proper enforcement checks. This could allow with database access to circumvent licensing restrictions by directly modifying database values and potentially enabling unauthorized use beyond the permitted scope.

Affected (4)

Products: Siemens: Sinema Remote Connect Server

Siemens

1 product

Sinema Remote Connect Server

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Siemens Sinema Remote Connect Server	Before 3.2
Siemens Sinema Remote Connect Server	Version 3.2 sp1
Siemens Sinema Remote Connect Server	Version 3.2 sp2
Siemens Sinema Remote Connect Server	Version 3.2 sp3

Related CWEs

CWE-863

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (1)

https://cert-portal.siemens.com/productcert/html/ssa-626856.html

Source: productcert@siemens.com

Vendor Advisory

Timeline

No history available yet.