Summary
Siemens reports a critical code injection vulnerability (CVE-2025-40943) in SIMATIC S7-1500 controllers that allows attackers to take full control of devices via malicious trace files. The flaw affects numerous industrial CPUs and requires users to update to version 4.1.2 or restrict web server access.
Take Action:
If you are using Siemens SIMATIC S7-1500 controllers, make sure they are isolated from the internet, especially the web management interface. If the interface is not actively used, just disable it. Then plan a patch of the controllers. It's going to be a long process, many different models are affected.
Read the full article on BeyondMachines
This article was originally published on BeyondMachines
Top comments (0)