CVE-2025-40943: CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in Siemens SIMATIC Drive Controller CPU 1504D TF
Affected devices do not properly sanitize contents of trace files. This could allow an attacker to inject code through social engineering an authorized user, who has the function right "Read diagnostics", to import a specially crafted trace file. The malicious trace file is insufficiently sanitized and malicious code could be executed in the client's browser session and trigger PLC operations via the webserver that the legitimate user is authorized to perform.
AI Analysis
Technical Summary
This vulnerability involves improper sanitization of trace file contents in Siemens SIMATIC Drive Controller CPU 1504D TF. The attack chain is: an attacker crafts a trace file that carries executable content, then socially engineers a user who holds the "Read diagnostics" function right into importing it through the device's web server. Because the imported contents are not sufficiently sanitized, the embedded code runs in that user's browser session. From there it can issue requests to the web server with the victim's authenticated session and trigger whatever PLC operations that user is authorized to perform. Two prerequisites follow directly from the description: the target must hold the function right, and the target must act (import the file), so the path is user-assisted rather than fully remote. The issue is categorized as CWE-95 (eval injection); in practice the effect described is attacker-controlled script running in the client browser, a cross-site-scripting style impact whose reach is bounded by the victim's web server permissions. It has a CVSS v3.1 base score of 9.6, indicating critical severity.
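To make the weakness class concrete, the following is an added example and not Siemens code: the "channel|scale" trace format, the __plcCalls stand-in for the web server's PLC endpoint and the /api/plc/stop path are all invented for illustration and say nothing about the real device's file format or API. It contrasts a browser-side trace viewer that evaluates a per-channel scale formula with the JavaScript engine and concatenates channel names into markup (the CWE-95 pattern plus unescaped output) against one that parses the formula with an arithmetic-only grammar and HTML-escapes every field. It runs under Node.js without a browser; the markup is returned as a string rather than written to the DOM.

```javascript
// Added example, not Siemens code. The "channel|scale" trace format, the
// __plcCalls stand-in for the webserver's PLC endpoint and the /api/plc/stop
// path are invented to illustrate the weakness class, not the real product.

// Stand-in for the device webserver: every entry represents a PLC operation
// that the victim's authenticated browser session was tricked into issuing.
globalThis.__plcCalls = [];

// Constructed trace rows. Each row is "channel|scale"; the scale is a formula
// in x (the raw sample) that the viewer applies before display.
const BENIGN_ROW = "motor_speed|x*0.1";
const HTML_PAYLOAD_ROW = `<img src=x onerror="fetch('/api/plc/stop')">|x*0.1`;
const CODE_PAYLOAD_ROW = "torque|__plcCalls.push('stop'), x";

function traceFile(rows) {
  return ["channel|scale", ...rows].join("\n");
}

function parseTrace(text) {
  const [header, ...rows] = text.split("\n");
  if (header !== "channel|scale") throw new Error("not a trace file");
  return rows.map((row) => {
    const [name, scale] = row.split("|");
    return { name, scale };
  });
}

// ---- Vulnerable viewer -----------------------------------------------------
// The scale formula is handed to the JavaScript engine verbatim (CWE-95) and
// the channel name goes into the markup unescaped, so the trace file controls
// both what runs in the session and what the page renders.
function renderUnsafe(text, rawSample) {
  return parseTrace(text).map((ch) => {
    const value = new Function("x", "return " + ch.scale)(rawSample);
    return `<tr><td>${ch.name}</td><td>${value}</td></tr>`;
  }).join("");
}

// ---- Hardened viewer -------------------------------------------------------
// The formula is parsed with an arithmetic-only grammar; any other token
// (identifiers, ';', ',', quotes) rejects the file instead of being cleaned
// partially. Display fields are HTML-escaped before they reach the markup.
function evalScale(source, x) {
  const tokens = [];
  const re = /\s*(?:(\d+(?:\.\d+)?)|([x+\-*\/()])|(\S))/g;
  let m;
  while ((m = re.exec(source)) !== null) {
    if (m[3] !== undefined) {
      throw new Error(`rejected scale expression: ${JSON.stringify(source)}`);
    }
    tokens.push(m[1] !== undefined ? Number(m[1]) : m[2]);
  }
  let i = 0;
  const peek = () => tokens[i];
  const next = () => tokens[i++];
  function factor() {             // number | x | -factor | ( sum )
    const t = next();
    if (typeof t === "number") return t;
    if (t === "x") return x;
    if (t === "-") return -factor();
    if (t === "(") {
      const v = sum();
      if (next() !== ")") throw new Error("expected )");
      return v;
    }
    throw new Error(`unexpected token ${String(t)}`);
  }
  function product() {            // factor (('*'|'/') factor)*
    let v = factor();
    while (peek() === "*" || peek() === "/") {
      v = next() === "*" ? v * factor() : v / factor();
    }
    return v;
  }
  function sum() {                // product (('+'|'-') product)*
    let v = product();
    while (peek() === "+" || peek() === "-") {
      v = next() === "+" ? v + product() : v - product();
    }
    return v;
  }
  const result = sum();
  if (i !== tokens.length) throw new Error("trailing input in scale");
  return result;
}

function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

function renderSafe(text, rawSample) {
  // Validate every row before rendering any, so a bad file is rejected whole.
  const channels = parseTrace(text).map((ch) => ({
    name: escapeHtml(ch.name),
    value: evalScale(ch.scale, rawSample),
  }));
  return channels.map((ch) => `<tr><td>${ch.name}</td><td>${ch.value}</td></tr>`).join("");
}
```

The design point is that the hardened viewer never hands file contents to the language runtime: a formula is accepted only if it parses under a grammar that cannot express a call or an assignment, and a file containing one bad row is rejected in full rather than displayed with the offending row "cleaned". With the vulnerable viewer, importing the constructed file both renders the raw img tag and appends "stop" to the PLC call list, which is the same shape of outcome the advisory describes.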
Potential Impact
Successful exploitation gives the attacker code execution inside the authorized user's browser session, not on the controller itself; the consequence for the plant is that the attacker can drive PLC operations through the web server under the victim's identity, limited to what that user is authorized to do. Confidentiality, integrity and availability impacts are all rated high. The attacker can cause unauthorized control actions on the industrial controller via the web server interface, and the scope of damage is set by the function rights granted to the tricked user rather than by the attacker's own position, which is why the account model on the web server matters for this issue.
Mitigation Recommendations
Patch status is not yet confirmed. Check the Siemens ProductCERT advisory for CVE-2025-40943 for fixed firmware versions and the vendor's specific mitigations before relying on the interim measures below. Until a fix is applied:
- Treat trace files as untrusted input. Only import trace files that were exported from the device itself or produced on a controlled engineering workstation, transferred over a channel where the source can be verified; do not import files received by e-mail or from removable media of unknown origin.
- Restrict the "Read diagnostics" function right on the web server to the users who need it, and keep PLC operating rights (the ones injected code would abuse) on separate, minimally privileged accounts where the product's role model allows it.
- Perform web server sessions to the controller from a dedicated browser profile or engineering host that is not also used for general browsing, and log out when finished so a hijacked session has a short lifetime.
- Limit network access to the controller's web server to the engineering network, and disable the web server where it is not operationally required.
Monitor Siemens advisories for updates on official patches or mitigations.
CVSS v3.1 base score: 9.6 (Critical)
Affected software: Siemens SIMATIC Drive Controller CPU 1504D TF
Weaknesses: CWE-95 Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
Technical Details
- Data version: 5.2
- Assigner short name: siemens
- Date reserved: 2025-04-16T09:06:15.879Z
- CVSS version: 3.1
- State: PUBLISHED
Threat ID: 69b04b8cea502d3aa873baa0
Added to database: 3/10/2026, 4:49:16 PM
Last enriched: 5/13/2026, 2:45:34 AM
Last updated: 6/12/2026, 2:26:28 PM