OTPulse

Improper VNC Password Check Vulnerability in SINUMERIK Controllers

Plan Patch | CVSS 8.3 | SSA-177847 | Aug 12, 2025
Attack Vector: Adjacent
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

SINUMERIK Controllers are affected by an improper VNC password check vulnerability that allows unauthenticated attackers on the local network to bypass authentication and gain remote control of the controller via VNC. The vulnerability affects SINUMERIK 828D PPU.4, 828D PPU.5, 840D sl, MC, and ONE series controllers. Siemens has released firmware updates that correct the password validation logic in the VNC service.

What this means
What could happen
An attacker on the local network could bypass VNC authentication on SINUMERIK controllers and gain remote control of the machine tool or manufacturing process without valid credentials, potentially altering tool paths, feed rates, or stopping production.
Who's at risk
Operators of Siemens SINUMERIK machine tool controllers (828D, 840D sl, MC, and ONE series) should be concerned. This affects CNC machining centers, turn-mill combinations, and other manufacturing equipment using these control systems in job shops, automotive suppliers, and contract manufacturers.
How it could be exploited
An attacker on the same network segment as the SINUMERIK controller would connect to the VNC service (typically port 5900) and bypass the password check due to improper validation logic, gaining unauthenticated remote access to the controller interface.
Prerequisites
  • Network access to VNC port (typically 5900) on the affected controller
  • Attacker must be on the same local network segment (AV:A per CVSS vector)
  • VNC service must be enabled on the controller
  • Remotely exploitable via network
  • No authentication required due to improper password check
  • Low complexity exploitation
  • Affects industrial control of machine tools and cutting operations
  • Requires local network access but no special conditions
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (7)
7 with fix
Product | Affected Versions | Fix Status
SINUMERIK 828D PPU.4 | All versions < V4.95 SP5 | 4.95 SP5
SINUMERIK 828D PPU.5 | All versions < V5.25 SP1 | 5.25 SP1
SINUMERIK 840D sl | All versions < V4.95 SP5 | 4.95 SP5
SINUMERIK MC | All versions < V1.25 SP1 | 1.25 SP1
SINUMERIK MC V1.15 | All versions < V1.15 SP5 | 1.15 SP5
SINUMERIK ONE | All versions < V6.25 SP1 | 6.25 SP1
SINUMERIK ONE V6.15 | All versions < V6.15 SP5 | 6.15 SP5
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to VNC ports on SINUMERIK controllers using firewall rules to allow only authorized engineering workstations
HARDENING: Disable VNC service on SINUMERIK controllers if remote graphical access is not required for normal operations
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

SINUMERIK 828D PPU.4
HOTFIX: Update SINUMERIK 828D PPU.4 to firmware version 4.95 SP5 or later
SINUMERIK 828D PPU.5
HOTFIX: Update SINUMERIK 828D PPU.5 to firmware version 5.25 SP1 or later
SINUMERIK 840D sl
HOTFIX: Update SINUMERIK 840D sl to firmware version 4.95 SP5 or later
SINUMERIK MC
HOTFIX: Update SINUMERIK MC to firmware version 1.25 SP1 or later
HOTFIX: Update SINUMERIK MC V1.15 to firmware version 1.15 SP5 or later
SINUMERIK ONE
HOTFIX: Update SINUMERIK ONE to firmware version 6.25 SP1 or later
HOTFIX: Update SINUMERIK ONE V6.15 to firmware version 6.15 SP5 or later
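An inventory check against the fixed versions listed above, as an added example (not OTPulse or Siemens code). It assumes firmware strings of the form "V<major>.<minor> SP<n>" compared field by field as integers, and that a device on the separately listed V1.15 or V6.15 line is judged against that line's row; the host names and firmware values in the sample are constructed.

```python
import re

# Fixed firmware per row of the advisory table, as (major, minor, SP).
# Second key element: None for a product's main row, or the (major, minor)
# line for the separately listed V1.15 / V6.15 branches.
FIXED = {
    ("SINUMERIK 828D PPU.4", None): (4, 95, 5),
    ("SINUMERIK 828D PPU.5", None): (5, 25, 1),
    ("SINUMERIK 840D sl", None): (4, 95, 5),
    ("SINUMERIK MC", None): (1, 25, 1),
    ("SINUMERIK MC", (1, 15)): (1, 15, 5),
    ("SINUMERIK ONE", None): (6, 25, 1),
    ("SINUMERIK ONE", (6, 15)): (6, 15, 5),
}

VERSION_RE = re.compile(r"^V?(\d+)\.(\d+)(?:\s*SP\s*(\d+))?$", re.IGNORECASE)

def parse_version(text):
    """Parse 'V4.95 SP5' into (4, 95, 5); a missing SP counts as SP0 (assumption)."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)

def assess(product, firmware):
    """Return (affected, fixed_version) for one controller."""
    ver = parse_version(firmware)
    # Assumption: prefer the branch-specific row (e.g. MC V1.15) when the
    # installed firmware is on that line, otherwise use the product's main row.
    fixed = FIXED.get((product, ver[:2])) or FIXED.get((product, None))
    if fixed is None:
        raise KeyError(f"product not listed in advisory: {product!r}")
    return ver < fixed, "V%d.%d SP%d" % fixed

def audit(inventory):
    """Return (name, firmware, fixed) for every entry that still needs the update."""
    rows = ((n, fw, assess(p, fw)) for n, p, fw in inventory)
    return [(n, fw, fixed) for n, fw, (affected, fixed) in rows if affected]

# Constructed sample inventory: (host name, product, installed firmware).
SAMPLE = [
    ("cnc-01", "SINUMERIK 840D sl", "V4.95 SP3"),
    ("cnc-02", "SINUMERIK MC", "V1.15 SP5"),
    ("cnc-03", "SINUMERIK MC", "V1.25"),
    ("cnc-04", "SINUMERIK ONE", "V6.15 SP2"),
]

if __name__ == "__main__":
    for name, firmware, fixed in audit(SAMPLE):
        print(f"{name}: {firmware} is affected, update to {fixed} or later")
```

Controllers flagged here are the ones to put behind the VNC firewall restriction first while the maintenance window is scheduled.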
Improper VNC Password Check Vulnerability in SINUMERIK Controllers | CVSS 8.3 - OTPulse