SIMATIC Virtualization as a Service CVE-2025-40804: Brief Summary of Unauthenticated Network Share Exposure

A brief summary of CVE-2025-40804 affecting all versions of Siemens SIMATIC Virtualization as a Service (SIVaaS), where unauthenticated network shares expose sensitive data. This post covers technical details, affected versions, and vendor security history.

ZeroPath CVE Analysis

2025-09-09

Experimental AI-Generated Content

This CVE analysis is an experimental publication that is completely AI-generated. The content may contain errors or inaccuracies and is subject to change as more information becomes available. We are continuously refining our process.

If you have feedback, questions, or notice any errors, please reach out to us.


Introduction

Sensitive industrial data and configuration files in critical infrastructure environments can be accessed or modified by any network user due to a misconfiguration in Siemens SIMATIC Virtualization as a Service (SIVaaS). This issue affects all deployments of SIVaaS and carries a critical CVSS score of 9.1.

About SIVaaS and Siemens: Siemens is a global leader in industrial automation and digitalization, with its SIMATIC product line widely used in manufacturing, energy, and transportation. SIVaaS is Siemens' virtualization platform designed to simplify deployment and management of industrial automation systems, supporting applications like PCS 7, WinCC, and TIA Portal. Its broad adoption in operational technology environments makes vulnerabilities in SIVaaS especially impactful for industrial organizations.

Technical Information

CVE-2025-40804 is caused by the exposure of network shares in all versions of SIVaaS without any authentication requirement. This means any user with network access can enumerate and access shared directories, regardless of their authorization status. These shares may include sensitive configuration files, operational data, project backups, or other critical resources.

The vulnerability is classified as CWE-732 (Incorrect Permission Assignment for Critical Resource). The root cause is a misconfiguration in the SIVaaS platform's share permissions, which do not restrict access to authenticated or authorized users. Attackers can use standard protocols such as SMB or NFS to connect to these shares. If write permissions are present, attackers could also alter or corrupt files, inject malicious content, or disrupt operations.

No vulnerable code snippets or proof of concept details are publicly available for this issue. The vendor advisory confirms the exposure but does not provide implementation specifics.
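
Because the advisory gives no implementation specifics, the following is an added example (not Siemens or ZeroPath code) of a check a defender can run over share definitions: it flags SMB shares that allow guest access and NFS exports open to any host, and separates read-only exposure from the writable case described above. It assumes Samba `smb.conf` and Linux `/etc/exports` syntax as stand-ins, since the page does not say how SIVaaS defines its shares; all share names and paths are constructed.

```python
import configparser
import re

TRUE = {"yes", "true", "1", "on"}
def _flag(section, names, default):  # first matching boolean option, else default
    for name in names:
        if name in section:
            return section[name].strip().lower() in TRUE
    return default

def audit_smb_conf(text):
    """Map share name -> 'read'/'write' for shares that allow guest access."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    findings = {}
    for name, share in cp.items():
        if name.lower() == "global" or not _flag(share, ("guest ok", "public"), False):
            continue
        # "writable"/"writeable"/"write ok" are inverted synonyms of "read only"
        writable = (_flag(share, ("writable", "writeable", "write ok"), False)
                    or not _flag(share, ("read only",), True))
        findings[name] = "write" if writable else "read"
    return findings

def audit_nfs_exports(text):
    """Map export path -> 'read'/'write' for exports open to any host."""
    findings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        path, *clients = line.split()
        for client in clients or [""]:  # no client list means every host
            m = re.fullmatch(r"([^()]*)(?:\(([^)]*)\))?", client)
            if m and m.group(1) in ("", "*"):
                rw = "rw" in (m.group(2) or "").split(",") or findings.get(path) == "write"
                findings[path] = "write" if rw else "read"
    return findings

# Constructed sample configurations; share names and paths are made up.
SMB_SAMPLE = ("[global]\nmap to guest = Bad User\n"
              "[projects]\nguest ok = yes\nread only = no\n"
              "[backups]\npublic = yes\n"
              "[engineering]\nvalid users = @engineers\nwritable = yes\n")
NFS_SAMPLE = ("/srv/projects *(rw,sync)\n/srv/eng 10.0.5.12(rw,sync)\n"
              "/srv/historian 192.168.10.0/24(rw) *(ro)\n")

if __name__ == "__main__":
    print(audit_smb_conf(SMB_SAMPLE), audit_nfs_exports(NFS_SAMPLE))
```

A `write` finding corresponds to the higher-impact case, where files on the share can be altered as well as read.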

Affected Systems and Versions

  • Product: Siemens SIMATIC Virtualization as a Service (SIVaaS)
  • Affected Versions: All versions (no exceptions or version ranges specified)
  • Vulnerable Configurations: Any deployment of SIVaaS with default or misconfigured network share permissions

Vendor Security History

Siemens has previously addressed vulnerabilities in its industrial automation portfolio, including authentication bypasses and access control misconfigurations in SIMATIC and related products. The company operates a dedicated ProductCERT and has improved its vulnerability response processes, but recurring issues with access control indicate persistent challenges in securing complex operational technology platforms.
