Siemens SIMATIC CN 4100

Plan Patch8.3ICS-CERT ICSA-26-015-12Dec 9, 2025

Attack VectorNetwork

Auth RequiredLow

ComplexityLow

User InteractionNone needed

Summary

SIMATIC CN 4100 versions prior to 4.0.1 contain multiple vulnerabilities including command injection (CWE-77), unencrypted credential transmission (CWE-311), and improper access control (CWE-284) that could allow an authenticated attacker to execute arbitrary commands and compromise the confidentiality, integrity, and availability of the controller and connected processes.

What this means

What could happen

An attacker with valid credentials could execute commands on the CN 4100 controller and modify process configurations, which could disrupt critical industrial processes or alter operational parameters without detection.

Who's at risk

Operations teams managing Siemens SIMATIC CN 4100 controllers in manufacturing, utilities, and process automation environments. This affects any site where the CN 4100 is used for process control, configuration management, or network connectivity in critical infrastructure.

How it could be exploited

An attacker with network access and valid credentials can exploit command injection vulnerabilities to run arbitrary commands on the CN 4100. This could be achieved through the web interface or management protocols, allowing the attacker to alter process logic or disable safety controls.

Prerequisites

Network access to the CN 4100 management interface (typically port 80/443)
Valid engineering workstation credentials or administrative access
Knowledge of the device's management protocol or web interface

Affects confidentiality, integrity, and availabilityRequires valid credentials but improper access controlsCommand injection vulnerabilities (CWE-77)Unencrypted credential transmission (CWE-311)

Exploitability

Low exploit probability (EPSS 0.1%)

Affected products (1)

ProductAffected VersionsFix Status

SIMATIC CN 4100< 4.0.14.0.1

Remediation & Mitigation

0/1

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate SIMATIC CN 4100 firmware to version 4.0.1 or later

CVEs (5)

CVE-2025-40937 CVE-2025-40938 CVE-2025-40939 CVE-2025-40940 CVE-2025-40941

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/8476f55e-8d3f-4312-9e67-4fe4182fef7c