Introduction
Sensitive industrial data and configuration files in critical infrastructure environments can be accessed or modified by any network user due to a misconfiguration in Siemens SIMATIC Virtualization as a Service (SIVaaS). This issue affects all deployments of SIVaaS and carries a critical CVSS score of 9.1.
About SIVaaS and Siemens: Siemens is a global leader in industrial automation and digitalization, with its SIMATIC product line widely used in manufacturing, energy, and transportation. SIVaaS is Siemens' virtualization platform designed to simplify deployment and management of industrial automation systems, supporting applications like PCS 7, WinCC, and TIA Portal. Its broad adoption in operational technology environments makes vulnerabilities in SIVaaS especially impactful for industrial organizations.
Technical Information
CVE-2025-40804 is caused by the exposure of network shares in all versions of SIVaaS without any authentication requirement. This means any user with network access can enumerate and access shared directories, regardless of their authorization status. These shares may include sensitive configuration files, operational data, project backups, or other critical resources.
The vulnerability is classified as CWE-732 (Incorrect Permission Assignment for Critical Resource). The root cause is a misconfiguration in the SIVaaS platform's share permissions, which do not restrict access to authenticated or authorized users. Attackers can use standard protocols such as SMB or NFS to connect to these shares. If write permissions are present, attackers could also alter or corrupt files, inject malicious content, or disrupt operations.
No vulnerable code snippets or proof of concept details are publicly available for this issue. The vendor advisory confirms the exposure but does not provide implementation specifics.
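Defenders can check for the condition described above by reviewing share ACLs for entries that grant access to catch-all or unauthenticated principals, and by separating read exposure from write exposure. The following is an added example, not code from Siemens or the advisory; it assumes share permissions were exported to CSV on a Windows host with `Get-SmbShare | Get-SmbShareAccess | Export-Csv`, and the share and account names in the sample are constructed.

```python
import csv
import io

# Principals that grant access without an individually authorized account.
BROAD_PRINCIPALS = {"everyone", "anonymous logon", "guest", "guests"}

# Constructed sample: share and account names are hypothetical.
SAMPLE_CSV = """Name,AccountName,AccessControlType,AccessRight
Projects,Everyone,Allow,Full
Backups,NT AUTHORITY\\ANONYMOUS LOGON,Allow,Read
Backups,PLANT\\Engineers,Allow,Change
Config,PLANT\\Engineers,Allow,Full
Config,Everyone,Deny,Full
Logs,BUILTIN\\Guests,Allow,Read
"""

def principal(account):
    """Strip the DOMAIN\\ prefix and normalise case."""
    return account.rsplit("\\", 1)[-1].strip().lower()

def audit_shares(csv_text):
    """Return {share: 'write' | 'read'} for shares open to broad principals."""
    allowed, denied = {}, set()
    for row in csv.DictReader(io.StringIO(csv_text)):
        who = principal(row["AccountName"])
        if who not in BROAD_PRINCIPALS:
            continue
        key = (row["Name"], who)
        kind = row["AccessControlType"].strip().lower()
        right = row["AccessRight"].strip().lower()
        if kind == "deny" and right == "full":
            denied.add(key)  # an explicit full deny cancels the allow
        elif kind == "allow" and allowed.get(key) != "write":
            # Anything other than Read (Change, Full, Custom) is treated as write.
            allowed[key] = "read" if right == "read" else "write"
    findings = {}
    for key, level in allowed.items():
        if key not in denied and findings.get(key[0]) != "write":
            findings[key[0]] = level
    return findings

if __name__ == "__main__":
    for share, level in audit_shares(SAMPLE_CSV).items():
        print(f"{share}: {level} access for unauthenticated or catch-all principals")
```

Shares reported with `write` correspond to the tampering scenario described above and should be restricted first; `read` findings still expose configuration and backup data.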
Affected Systems and Versions
- Product: Siemens SIMATIC Virtualization as a Service (SIVaaS)
- Affected Versions: All versions (no exceptions or version ranges specified)
- Vulnerable Configurations: Any deployment of SIVaaS with default or misconfigured network share permissions
Vendor Security History
Siemens has previously addressed vulnerabilities in its industrial automation portfolio, including authentication bypasses and access control misconfigurations in SIMATIC and related products. The company operates a dedicated ProductCERT and has improved its vulnerability response processes, but recurring issues with access control indicate persistent challenges in securing complex operational technology platforms.