Siemens SIMATIC CN 4100

Plan PatchCVSS 8.3ICS-CERT ICSA-26-015-12Dec 9, 2025

Siemens

Attack path

Attack VectorNetwork

Auth RequiredLow

ComplexityLow

User InteractionNone needed

Summary

SIMATIC CN 4100 contains multiple vulnerabilities affecting confidentiality, integrity, and availability. Affected versions are earlier than 4.0.1. The vulnerabilities involve command injection (CWE-77), insufficient encryption (CWE-311), access control flaws (CWE-284), and information exposure (CWE-200), allowing authenticated attackers to execute code or access sensitive data.

What this means

What could happen

An attacker with network access and valid credentials could run unauthorized commands on the SIMATIC CN 4100 industrial PC, potentially altering production data, stopping processes, or exfiltrating sensitive engineering information from your plant network.

Who's at risk

Manufacturing facilities and utility operators using SIMATIC CN 4100 industrial PCs for process monitoring, data logging, or SCADA gateway functions. Most relevant to automotive, chemical, discrete manufacturing, water/wastewater, and power generation sectors where this device interfaces with PLCs and RTUs.

How it could be exploited

An attacker with valid credentials accesses the device over the network (AV:N, PR:L). Because authentication is required but the attack is straightforward to execute (AC:L), the attacker could exploit weak credential management or compromised accounts to gain command execution and modify system behavior.

Prerequisites

Valid user credentials for the SIMATIC CN 4100
Network access to the CN 4100 management interface or network services

Remotely exploitableRequires valid credentials (reduced but present risk)Low complexity attackHigh CVSS score (8.3)

Exploitability

Unlikely to be exploited — EPSS score 0.1%

Affected products (1)

ProductAffected VersionsFix Status

SIMATIC CN 4100< 4.0.14.0.1

Remediation & Mitigation

0/3

Do now

0/1

HARDENINGEnforce strong, unique credentials for all CN 4100 user accounts and disable default accounts if present

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate SIMATIC CN 4100 firmware to version 4.0.1 or later

Long-term hardening

0/1

HARDENINGRestrict network access to the CN 4100 to only authorized engineering workstations and control systems using firewall rules

CVEs (5)

CVE-2025-40937 CVE-2025-40938 CVE-2025-40939 CVE-2025-40940 CVE-2025-40941

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/8476f55e-8d3f-4312-9e67-4fe4182fef7c

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.