
CVE-2025-24009: CWE-732: Incorrect Permission Assignment for Critical Resource in Siemens SIRIUS 3RK3 Modular Safety System (MSS)

Severity: Medium
Type: Vulnerability
Tags: CVE-2025-24009, cve, cve-2025-24009, cwe-732
Published: Tue May 13 2025 (05/13/2025, 09:38:31 UTC)
Source: CVE
Vendor/Project: Siemens
Product: SIRIUS 3RK3 Modular Safety System (MSS)

Description

A vulnerability has been identified in SIRIUS 3RK3 Modular Safety System (MSS) (All versions), SIRIUS Safety Relays 3SK2 (All versions). The affected devices do not require authentication to access critical resources. An attacker with network access could retrieve sensitive information from certain data records, including obfuscated safety passwords.

AI-Powered Analysis

Last updated: 07/06/2025, 18:28:00 UTC

Technical Analysis

CVE-2025-24009 is a medium-severity vulnerability affecting Siemens SIRIUS 3RK3 Modular Safety System (MSS) and SIRIUS Safety Relays 3SK2 across all versions. The core issue is an incorrect permission assignment (CWE-732) that allows network attackers to access critical resources without any authentication. Specifically, the affected devices expose certain data records containing sensitive information, including obfuscated safety passwords. While the passwords are obfuscated, the lack of authentication and direct network accessibility significantly increases the risk of sensitive data disclosure. The vulnerability does not impact the integrity or availability of the system but compromises confidentiality by exposing sensitive safety-related credentials. The CVSS v3.1 base score is 5.9, reflecting a network attack vector (AV:N), high attack complexity (AC:H), no privileges required (PR:N), no user interaction (UI:N), unchanged scope (S:U), high confidentiality impact (C:H), and no impact on integrity or availability (I:N/A:N). No known exploits are currently reported in the wild, and no patches have been published yet. This vulnerability is particularly concerning for industrial control environments where these Siemens safety systems are deployed, as unauthorized access to safety passwords could facilitate further attacks or unauthorized modifications to safety configurations.

Potential Impact

For European organizations, especially those in manufacturing, energy, transportation, and critical infrastructure sectors that rely on Siemens SIRIUS 3RK3 MSS and 3SK2 Safety Relays, this vulnerability poses a significant confidentiality risk. Exposure of obfuscated safety passwords could enable attackers to gain deeper access to safety systems, potentially bypassing safety mechanisms or preparing for more sophisticated attacks. Although the vulnerability does not directly affect system integrity or availability, the compromise of safety credentials undermines trust in safety controls and could lead to indirect safety hazards or operational disruptions if exploited in combination with other vulnerabilities or insider threats. Given the widespread use of Siemens industrial automation products in Europe, the vulnerability could affect a broad range of organizations, increasing the risk of targeted attacks on critical infrastructure. The lack of authentication requirement means that attackers with network access—potentially including remote or internal threat actors—can exploit this vulnerability without needing user interaction or elevated privileges, increasing the attack surface.

Mitigation Recommendations

1. Network Segmentation: Immediately isolate affected Siemens devices from untrusted networks, including the internet and general corporate networks, by placing them in dedicated, segmented industrial control system (ICS) zones with strict access controls.
2. Access Control Enforcement: Implement strict firewall rules and network access control lists (ACLs) to restrict network access to these devices only to authorized maintenance and monitoring systems.
3. Monitoring and Logging: Enable detailed logging and continuous monitoring of network traffic to and from the affected devices to detect any unauthorized access attempts.
4. Vendor Coordination: Engage with Siemens support to obtain official patches or firmware updates once available and prioritize their deployment.
5. Password Management: Review and rotate safety passwords where possible, and consider additional layers of encryption or protection for sensitive configuration data.
6. Incident Response Preparedness: Prepare incident response plans specifically addressing potential exploitation scenarios involving safety system credential exposure.
7. Physical Security: Ensure physical security controls prevent unauthorized local access to the devices, as physical access combined with network access could increase risk.

These mitigations go beyond generic advice by focusing on network architecture changes, proactive monitoring, and vendor engagement tailored to industrial safety systems.


Technical Details

Data Version: 5.1
Assigner Short Name: siemens
Date Reserved: 2025-01-16T16:19:30.407Z
CISA Enriched: true
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 682cd0fc1484d88663aeccaa

Added to database: 5/20/2025, 6:59:08 PM

Last enriched: 7/6/2025, 6:28:00 PM

Last updated: 8/15/2025, 11:53:14 AM
