CVE-2025-40584 (CNNVD-202508-1030)
中文标题:
Siemens多款产品 代码问题漏洞
英文标题:
A vulnerability has been identified in SIMOTION SCOUT TIA V5.4 (All versions), SIMOTION SCOUT TIA V5...
漏洞描述
中文描述:
Siemens SIMOTION SCOUT TIA等都是德国西门子(Siemens)公司的产品。Siemens SIMOTION SCOUT TIA是一款高端运动控制系统。Siemens SIMOTION SCOUT是一款高端运动控制系统。Siemens SINAMICS STARTER是一款驱动调试工具软件。 Siemens多款产品存在代码问题漏洞,该漏洞源于XML外部实体注入,可能导致读取任意文件。以下产品及版本受到影响:SIMOTION SCOUT TIA V5.4、SIMOTION SCOUT TIA V5.5、SIMOTION SCOUT TIA V5.6 V5.6 SP1 HF7之前版本、SIMOTION SCOUT TIA V5.7 V5.7 SP1 HF1之前版本、SIMOTION SCOUT V5.4、SIMOTION SCOUT V5.5、SIMOTION SCOUT V5.6 V5.6 SP1 HF7之前版本、SIMOTION SCOUT V5.7 V5.7 SP1 HF1之前版本、SINAMICS STARTER V5.5、SINAMICS STARTER V5.6和SINAMICS STARTER V5.7。
英文描述:
A vulnerability has been identified in SIMOTION SCOUT TIA V5.4 (All versions), SIMOTION SCOUT TIA V5.5 (All versions), SIMOTION SCOUT TIA V5.6 (All versions < V5.6 SP1 HF7), SIMOTION SCOUT TIA V5.7 (All versions < V5.7 SP1 HF1), SIMOTION SCOUT V5.4 (All versions), SIMOTION SCOUT V5.5 (All versions), SIMOTION SCOUT V5.6 (All versions < V5.6 SP1 HF7), SIMOTION SCOUT V5.7 (All versions < V5.7 SP1 HF1), SINAMICS STARTER V5.5 (All versions), SINAMICS STARTER V5.6 (All versions), SINAMICS STARTER V5.7 (All versions < V5.7 HF2). The affected application contains a XML External Entity Injection (XXE) vulnerability while parsing specially crafted XML files. This could allow an attacker to read arbitrary files in the system.
CWE类型:
标签:
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| Siemens | SIMOTION SCOUT TIA V5.4 | - | < * | - |
cpe:2.3:a:siemens:simotion_scout_tia_v5.4:*:*:*:*:*:*:*:*
|
| Siemens | SIMOTION SCOUT TIA V5.5 | - | < * | - |
cpe:2.3:a:siemens:simotion_scout_tia_v5.5:*:*:*:*:*:*:*:*
|
| Siemens | SIMOTION SCOUT TIA V5.6 | - | < V5.6 SP1 HF7 | - |
cpe:2.3:a:siemens:simotion_scout_tia_v5.6:*:*:*:*:*:*:*:*
|
| Siemens | SIMOTION SCOUT TIA V5.7 | - | < V5.7 SP1 HF1 | - |
cpe:2.3:a:siemens:simotion_scout_tia_v5.7:*:*:*:*:*:*:*:*
|
| Siemens | SIMOTION SCOUT V5.4 | - | < * | - |
cpe:2.3:a:siemens:simotion_scout_v5.4:*:*:*:*:*:*:*:*
|
| Siemens | SIMOTION SCOUT V5.5 | - | < * | - |
cpe:2.3:a:siemens:simotion_scout_v5.5:*:*:*:*:*:*:*:*
|
| Siemens | SIMOTION SCOUT V5.6 | - | < V5.6 SP1 HF7 | - |
cpe:2.3:a:siemens:simotion_scout_v5.6:*:*:*:*:*:*:*:*
|
| Siemens | SIMOTION SCOUT V5.7 | - | < V5.7 SP1 HF1 | - |
cpe:2.3:a:siemens:simotion_scout_v5.7:*:*:*:*:*:*:*:*
|
| Siemens | SINAMICS STARTER V5.5 | - | < * | - |
cpe:2.3:a:siemens:sinamics_starter_v5.5:*:*:*:*:*:*:*:*
|
| Siemens | SINAMICS STARTER V5.6 | - | < * | - |
cpe:2.3:a:siemens:sinamics_starter_v5.6:*:*:*:*:*:*:*:*
|
| Siemens | SINAMICS STARTER V5.7 | - | < V5.7 HF2 | - |
cpe:2.3:a:siemens:sinamics_starter_v5.7:*:*:*:*:*:*:*:*
|
解决方案
中文解决方案:
英文解决方案:
临时解决方案:
参考链接
cve.org
CVSS评分详情
3.1 (cna)
MEDIUMCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
4.0 (cna)
MEDIUMCVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
时间信息
利用信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2025-40584 |
2025-11-11 15:23:20 | 2025-11-11 07:40:30 |
| NVD | nvd_CVE-2025-40584 |
2025-11-11 15:00:59 | 2025-11-11 07:48:19 |
| CNNVD | cnnvd_CNNVD-202508-1030 |
2025-11-11 15:12:53 | 2025-11-11 08:00:04 |
版本与语言
安全公告
变更历史
查看详细变更
- vulnerability_type: 未提取 -> 代码问题
- cnnvd_id: 未提取 -> CNNVD-202508-1030
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
查看详细变更
- data_sources: ['cve'] -> ['cve', 'nvd']