OTPulse
FeedAboutContact

Siemens SINUMERIK

Plan Patch8.3ICS-CERT ICSA-25-226-19Aug 12, 2025
Attack VectorAdjacent
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary

Siemens SINUMERIK Controllers contain an improper VNC password validation vulnerability. The affected products include SINUMERIK 828D PPU.4 and PPU.5, SINUMERIK 840D sl, SINUMERIK MC (versions 1.15 and 1.25), and SINUMERIK ONE (versions 6.15 and 6.25). An attacker can bypass the VNC authentication mechanism to gain unauthorized remote access to the controller interface. Siemens has released updated firmware versions that correct the password validation logic.

What this means
What could happen
An attacker with network access to the VNC interface could bypass authentication checks and gain remote control of the SINUMERIK controller, potentially altering machine tool operations, changing cutting parameters, or halting production.
Who's at risk
Machine tool operators and manufacturing facilities using Siemens SINUMERIK machine tool controllers (828D, 840D, MC, and ONE series) for CNC machining operations. Any plant using these controllers for precision manufacturing, multi-axis milling, turning, or automated production runs is affected.
How it could be exploited
An attacker on the network segments or subnets connected to the SINUMERIK controller exploits the improper VNC password validation by sending crafted authentication requests that bypass the password check, gaining unauthenticated VNC access to the controller's graphical interface.
Prerequisites
  • Network access to VNC interface (typically port 5900)
  • Controller connected to network (not air-gapped)
  • No network-level access controls (firewall rules) restricting VNC connections
remotely exploitableno authentication requiredlow complexity attackaffects industrial machine tool controls
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (7)
7 with fix
ProductAffected VersionsFix Status
SINUMERIK 828D PPU.4<V4.95 SP54.95 SP5
SINUMERIK 828D PPU.5<V5.25 SP15.25 SP1
SINUMERIK 840D sl<V4.95 SP54.95 SP5
SINUMERIK MC<V1.25 SP11.25 SP1
SINUMERIK MC V1.15<V1.15 SP51.15 SP5
SINUMERIK ONE<V6.25 SP16.25 SP1
SINUMERIK ONE V6.15<V6.15 SP56.15 SP5
Remediation & Mitigation
0/9
Do now
0/1
WORKAROUNDRestrict network access to VNC ports (default 5900) on SINUMERIK controllers using firewall rules; limit connections to authorized engineering workstations only
Schedule — requires maintenance window
0/7

Patching may require device reboot — plan for process interruption

SINUMERIK 828D PPU.4
HOTFIXUpdate SINUMERIK 828D PPU.4 to version 4.95 SP5 or later
SINUMERIK 828D PPU.5
HOTFIXUpdate SINUMERIK 828D PPU.5 to version 5.25 SP1 or later
SINUMERIK 840D sl
HOTFIXUpdate SINUMERIK 840D sl to version 4.95 SP5 or later
SINUMERIK MC
HOTFIXUpdate SINUMERIK MC to version 1.25 SP1 or later
HOTFIXUpdate SINUMERIK MC V1.15 to version 1.15 SP5 or later
SINUMERIK ONE
HOTFIXUpdate SINUMERIK ONE to version 6.25 SP1 or later
HOTFIXUpdate SINUMERIK ONE V6.15 to version 6.15 SP5 or later
Long-term hardening
0/1
HARDENINGSegment SINUMERIK controllers onto isolated production network VLAN separate from corporate IT network
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/e9f8875d-5d35-444e-a221-256aa6211bfb
Siemens SINUMERIK | CVSS 8.3 - OTPulse