SSA-001536

Siemens Security Advisory by Siemens ProductCERT

SSA-001536: Authorization Bypass Vulnerability in Siemens Industrial Edge Devices

Publication Date:	2026-01-13
Last Update:	2026-01-13
Current Version:	V1.0
CVSS v3.1 Base Score:	10.0
CVSS v4.0 Base Score:	10.0

SUMMARY

Siemens Industrial Edge Devices contain an authorization bypass vulnerability that could facilitate an unauthenticated remote attacker to circumvent authentication and impersonate a legitimate user.

Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.

KNOWN AFFECTED PRODUCTS

Un-/Collapse All

Affected Product and Versions	Remediation
Industrial Edge Devices	Show more details
SIMATIC Automation Workstation family	Show more details
SIMATIC Automation Workstation 19" (6AV7256-6CA01-0FP0) All versions affected by CVE-2025-40805	Currently no fix is available See further recommendations from section Mitigations
SIMATIC Automation Workstation 24" (6AV7256-6CA00-0FP0) All versions affected by CVE-2025-40805	Currently no fix is available See further recommendations from section Mitigations
SIMATIC HMI Unified Comfort Panels Standard family	Show more details
SIMATIC HMI MTP1000 Unified Comfort Panel (6AV2128-3KB06-0AX1) All versions < V21 affected by CVE-2025-40805	Update to V21 or later version https://support.industry.siemens.com/cs/ww/en/view/109825605/ See further recommendations from section Mitigations
SIMATIC HMI MTP1000, Unified Comfort Panel neutral (6AV2128-3KB36-0AX1) All versions < V21 affected by CVE-2025-40805	Update to V21 or later version https://support.industry.siemens.com/cs/ww/en/view/109825605/ See further recommendations from section Mitigations
SIMATIC HMI MTP1200 Comfort Pro for stand (expandable, flange at the bottom) (6AV2128-3MB27-1BX0) All versions < V21 affected by CVE-2025-40805	Update to V21 or later version https://support.industry.siemens.com/cs/ww/en/view/109825605/ See further recommendations from section Mitigations
SIMATIC HMI MTP1200 Comfort Pro for support arm (expandable, round tube) and extension unit (6AV2128-3MB27-0BX0) All versions < V21 affected by CVE-2025-40805	Update to V21 or later version https://support.industry.siemens.com/cs/ww/en/view/109825605/ See further recommendations from section Mitigations
SIMATIC HMI MTP1200 Comfort Pro for support arm (not extendable, flange on top) (6AV2128-3MB27-0AX0) All versions < V21 affected by CVE-2025-40805	Update to V21 or later version https://support.industry.siemens.com/cs/ww/en/view/109825605/ See further recommendations from section Mitigations
SIMATIC HMI MTP1200 Comfort Pro neutral design for stand (expandable, flange at the bottom) (6AV2128-3MB57-1BX0) All versions < V21 affected by CVE-2025-40805	Update to V21 or later version https://support.industry.siemens.com/cs/ww/en/view/109825605/ See further recommendations from section Mitigations
SIMATIC HMI MTP1200 Comfort Pro neutral design for support arm (expandable, round tube) and extensio (6AV2128-3MB57-0BX0) All versions < V21 affected by CVE-2025-40805	Update to V21 or later version https://support.industry.siemens.com/cs/ww/en/view/109825605/ See further recommendations from section Mitigations
SIMATIC HMI MTP1200 Comfort Pro neutral design for support arm (not extendable, flange on top) (6AV2128-3MB57-0AX0) All versions < V21 affected by CVE-2025-40805	Update to V21 or later version https://support.industry.siemens.com/cs/ww/en/view/109825605/ See further recommendations from section Mitigations
SIMATIC HMI MTP1200 Unified Comfort Panel (6AV2128-3MB06-0AX1) All versions < V21 affected by CVE-2025-40805	Update to V21 or later version https://support.industry.siemens.com/cs/ww/en/view/109825605/ See further recommendations from section Mitigations
SIMATIC HMI MTP1200 Unified Comfort Panel hygienic (6AV2128-3MB40-0AX0) All versions < V21 affected by CVE-2025-40805	Update to V21 or later version https://support.industry.siemens.com/cs/ww/en/view/109825605/ See further recommendations from section Mitigations
SIMATIC HMI MTP1200 Unified Comfort Panel neutral design (6AV2128-3MB36-0AX1) All versions < V21 affected by CVE-2025-40805	Update to V21 or later version https://support.industry.siemens.com/cs/ww/en/view/109825605/ See further recommendations from section Mitigations
SIMATIC HMI MTP1500 Comfort Pro for stand (expandable, flange at the bottom) (6AV2128-3QB27-1BX0) All versions < V21 affected by CVE-2025-40805	Update to V21 or later version https://support.industry.siemens.com/cs/ww/en/view/109825605/ See further recommendations from section Mitigations
SIMATIC HMI MTP1500 Comfort Pro for support arm (expandable, round tube) and extension unit (6AV2128-3QB27-0BX0) All versions < V21 affected by CVE-2025-40805	Update to V21 or later version https://support.industry.siemens.com/cs/ww/en/view/109825605/ See further recommendations from section Mitigations
SIMATIC HMI MTP1500 Comfort Pro for support arm (not extendable, flange on top) (6AV2128-3QB27-0AX0) All versions < V21 affected by CVE-2025-40805	Update to V21 or later version https://support.industry.siemens.com/cs/ww/en/view/109825605/ See further recommendations from section Mitigations
SIMATIC HMI MTP1500 Comfort Pro neutral design for stand (expandable, flange at the bottom) (6AV2128-3QB57-1BX0) All versions < V21 affected by CVE-2025-40805	Update to V21 or later version https://support.industry.siemens.com/cs/ww/en/view/109825605/ See further recommendations from section Mitigations
SIMATIC HMI MTP1500 Comfort Pro neutral design for support arm (expandable, round tube) and extensio (6AV2128-3QB57-0BX0) All versions < V21 affected by CVE-2025-40805	Update to V21 or later version https://support.industry.siemens.com/cs/ww/en/view/109825605/ See further recommendations from section Mitigations
SIMATIC HMI MTP1500 Comfort Pro neutral design for support arm (not extendable, flange on top) (6AV2128-3QB57-0AX0) All versions < V21 affected by CVE-2025-40805	Update to V21 or later version https://support.industry.siemens.com/cs/ww/en/view/109825605/ See further recommendations from section Mitigations
SIMATIC HMI MTP1500 Unified Comfort Panel (6AV2128-3QB06-0AX1) All versions < V21 affected by CVE-2025-40805	Update to V21 or later version https://support.industry.siemens.com/cs/ww/en/view/109825605/ See further recommendations from section Mitigations
SIMATIC HMI MTP1500 Unified Comfort Panel neutral design (6AV2128-3QB36-0AX1) All versions < V21 affected by CVE-2025-40805	Update to V21 or later version https://support.industry.siemens.com/cs/ww/en/view/109825605/ See further recommendations from section Mitigations
SIMATIC HMI MTP1900 Comfort Pro for stand (expandable, flange at the bottom) (6AV2128-3UB27-1BX0) All versions < V21 affected by CVE-2025-40805	Update to V21 or later version https://support.industry.siemens.com/cs/ww/en/view/109825605/ See further recommendations from section Mitigations
SIMATIC HMI MTP1900 Comfort Pro for support arm (expandable, round tube) and extension unit (6AV2128-3UB27-0BX0) All versions < V21 affected by CVE-2025-40805	Update to V21 or later version https://support.industry.siemens.com/cs/ww/en/view/109825605/ See further recommendations from section Mitigations
SIMATIC HMI MTP1900 Comfort Pro for support arm (not extendable, flange on top) (6AV2128-3UB27-0AX0) All versions < V21 affected by CVE-2025-40805	Update to V21 or later version https://support.industry.siemens.com/cs/ww/en/view/109825605/ See further recommendations from section Mitigations
SIMATIC HMI MTP1900 Comfort Pro neutral design for stand (expandable, flange at the bottom) (6AV2128-3UB57-1BX0) All versions < V21 affected by CVE-2025-40805	Update to V21 or later version https://support.industry.siemens.com/cs/ww/en/view/109825605/ See further recommendations from section Mitigations
SIMATIC HMI MTP1900 Comfort Pro neutral design for support arm (expandable, round tube) and extensio (6AV2128-3UB57-0BX0) All versions < V21 affected by CVE-2025-40805	Update to V21 or later version https://support.industry.siemens.com/cs/ww/en/view/109825605/ See further recommendations from section Mitigations
SIMATIC HMI MTP1900 Comfort Pro neutral design for support arm (not extendable, flange on top) (6AV2128-3UB57-0AX0) All versions < V21 affected by CVE-2025-40805	Update to V21 or later version https://support.industry.siemens.com/cs/ww/en/view/109825605/ See further recommendations from section Mitigations
SIMATIC HMI MTP1900 Unified Comfort Panel (6AV2128-3UB06-0AX1) All versions < V21 affected by CVE-2025-40805	Update to V21 or later version https://support.industry.siemens.com/cs/ww/en/view/109825605/ See further recommendations from section Mitigations
SIMATIC HMI MTP1900 Unified Comfort Panel neutral design (6AV2128-3UB36-0AX1) All versions < V21 affected by CVE-2025-40805	Update to V21 or later version https://support.industry.siemens.com/cs/ww/en/view/109825605/ See further recommendations from section Mitigations
SIMATIC HMI MTP2200 Comfort Pro for stand (expandable, flange at the bottom) (6AV2128-3XB27-1BX0) All versions < V21 affected by CVE-2025-40805	Update to V21 or later version https://support.industry.siemens.com/cs/ww/en/view/109825605/ See further recommendations from section Mitigations
SIMATIC HMI MTP2200 Comfort Pro for support arm (expandable, round tube) and extension unit (6AV2128-3XB27-0BX0) All versions < V21 affected by CVE-2025-40805	Update to V21 or later version https://support.industry.siemens.com/cs/ww/en/view/109825605/ See further recommendations from section Mitigations
SIMATIC HMI MTP2200 Comfort Pro for support arm (not extendable, flange on top) (6AV2128-3XB27-0AX0) All versions < V21 affected by CVE-2025-40805	Update to V21 or later version https://support.industry.siemens.com/cs/ww/en/view/109825605/ See further recommendations from section Mitigations
SIMATIC HMI MTP2200 Comfort Pro neutral design for stand (expandable, flange at the bottom) (6AV2128-3XB57-1BX0) All versions < V21 affected by CVE-2025-40805	Update to V21 or later version https://support.industry.siemens.com/cs/ww/en/view/109825605/ See further recommendations from section Mitigations
SIMATIC HMI MTP2200 Comfort Pro neutral design for support arm (expandable, round tube) and extensio (6AV2128-3XB57-0BX0) All versions < V21 affected by CVE-2025-40805	Update to V21 or later version https://support.industry.siemens.com/cs/ww/en/view/109825605/ See further recommendations from section Mitigations
SIMATIC HMI MTP2200 Comfort Pro neutral design for support arm (not extendable, flange on top) (6AV2128-3XB57-0AX0) All versions < V21 affected by CVE-2025-40805	Update to V21 or later version https://support.industry.siemens.com/cs/ww/en/view/109825605/ See further recommendations from section Mitigations
SIMATIC HMI MTP2200 Unified Comfort Panel (6AV2128-3XB06-0AX1) All versions < V21 affected by CVE-2025-40805	Update to V21 or later version https://support.industry.siemens.com/cs/ww/en/view/109825605/ See further recommendations from section Mitigations
SIMATIC HMI MTP2200 Unified Comfort Panel neutral design (6AV2128-3XB36-0AX1) All versions < V21 affected by CVE-2025-40805	Update to V21 or later version https://support.industry.siemens.com/cs/ww/en/view/109825605/ See further recommendations from section Mitigations
SIMATIC HMI MTP700 Unified Comfort Panel (6AV2128-3GB06-0AX1) All versions < V21 affected by CVE-2025-40805	Update to V21 or later version https://support.industry.siemens.com/cs/ww/en/view/109825605/ See further recommendations from section Mitigations
SIMATIC HMI MTP700, Unified Comfort Panel neutral design (6AV2128-3GB36-0AX1) All versions < V21 affected by CVE-2025-40805	Update to V21 or later version https://support.industry.siemens.com/cs/ww/en/view/109825605/ See further recommendations from section Mitigations
SIPLUS HMI MTP1000 Unified Comfort (6AG1128-3KB06-4AX1) All versions < V21 affected by CVE-2025-40805	Update to V21 or later version https://support.industry.siemens.com/cs/ww/en/view/109825605/ See further recommendations from section Mitigations
SIPLUS HMI MTP1200 Unified Comfort (6AG1128-3MB06-4AX1) All versions < V21 affected by CVE-2025-40805	Update to V21 or later version https://support.industry.siemens.com/cs/ww/en/view/109825605/ See further recommendations from section Mitigations
SIPLUS HMI MTP700 Unified Comfort (6AG1128-3GB06-4AX1) All versions < V21 affected by CVE-2025-40805	Update to V21 or later version https://support.industry.siemens.com/cs/ww/en/view/109825605/ See further recommendations from section Mitigations
SIMATIC HMI Unified Comfort Panels Hygienic family	Show more details
SIMATIC HMI MTP1000 Unified Comfort Panel hygienic (6AV2128-3KB40-0AX0) All versions < V21 affected by CVE-2025-40805	Update to V21 or later version https://support.industry.siemens.com/cs/ww/en/view/109825605/ See further recommendations from section Mitigations
SIMATIC HMI MTP1000 Unified Comfort Panel hygienic neutral design (6AV2128-3KB70-0AX0) All versions < V21 affected by CVE-2025-40805	Update to V21 or later version https://support.industry.siemens.com/cs/ww/en/view/109825605/ See further recommendations from section Mitigations
SIMATIC HMI MTP1200 Unified Comfort Panel hygienic (6AV2128-3MB40-0AX0) All versions < V21 affected by CVE-2025-40805	Update to V21 or later version https://support.industry.siemens.com/cs/ww/en/view/109825605/ See further recommendations from section Mitigations
SIMATIC HMI MTP1200 Unified Comfort Panel hygienic neutral design (6AV2128-3MB70-0AX0) All versions < V21 affected by CVE-2025-40805	Update to V21 or later version https://support.industry.siemens.com/cs/ww/en/view/109825605/ See further recommendations from section Mitigations
SIMATIC HMI MTP1500 Unified Comfort Panel hygienic (6AV2128-3QB40-0AX0) All versions < V21 affected by CVE-2025-40805	Update to V21 or later version https://support.industry.siemens.com/cs/ww/en/view/109825605/ See further recommendations from section Mitigations
SIMATIC HMI MTP1500 Unified Comfort Panel hygienic neutral design (6AV2128-3QB70-0AX0) All versions < V21 affected by CVE-2025-40805	Update to V21 or later version https://support.industry.siemens.com/cs/ww/en/view/109825605/ See further recommendations from section Mitigations
SIMATIC HMI MTP1900 Unified Comfort Panel hygienic (6AV2128-3UB40-0AX0) All versions < V21 affected by CVE-2025-40805	Update to V21 or later version https://support.industry.siemens.com/cs/ww/en/view/109825605/ See further recommendations from section Mitigations
SIMATIC HMI MTP1900 Unified Comfort Panel hygienic neutral design (6AV2128-3UB70-0AX0) All versions < V21 affected by CVE-2025-40805	Update to V21 or later version https://support.industry.siemens.com/cs/ww/en/view/109825605/ See further recommendations from section Mitigations
SIMATIC HMI MTP2200 Unified Comfort Hygienic (6AV2128-3XB40-0AX0) All versions < V21 affected by CVE-2025-40805	Update to V21 or later version https://support.industry.siemens.com/cs/ww/en/view/109825605/ See further recommendations from section Mitigations
SIMATIC HMI MTP2200 Unified Comfort Hygienic neutral design (6AV2128-3XB70-0AX0) All versions < V21 affected by CVE-2025-40805	Update to V21 or later version https://support.industry.siemens.com/cs/ww/en/view/109825605/ See further recommendations from section Mitigations
SIMATIC HMI MTP700 Unified Comfort Panel hygienic neutral design (6AV2128-3GB40-0AX0) All versions < V21 affected by CVE-2025-40805	Update to V21 or later version https://support.industry.siemens.com/cs/ww/en/view/109825605/ See further recommendations from section Mitigations
SIMATIC HMI MTP700 Unified Comfort Panel hygienic neutral design (6AV2128-3GB70-0AX0) All versions < V21 affected by CVE-2025-40805	Update to V21 or later version https://support.industry.siemens.com/cs/ww/en/view/109825605/ See further recommendations from section Mitigations
Industrial Edge Cloud Device (IECD) All versions < V1.24.2 affected by CVE-2025-40805	Update to V1.24.2 or later version https://docs.industrial-operations-x.siemens.cloud/r/en-us/v1.24.2/industrial-edge-virtual/cloud-device/release-notes See further recommendations from section Mitigations
Industrial Edge Own Device (IEOD) All versions < V1.24.2 affected by CVE-2025-40805	Update to V1.24.2 or later version https://docs.industrial-operations-x.siemens.cloud/r/en-us/v1.24.2/industrial-edge-own-device/release-notes See further recommendations from section Mitigations
Industrial Edge Virtual Device (IEVD) All versions < V1.24.2 affected by CVE-2025-40805	Update to V1.24.2 or later version https://docs.industrial-operations-x.siemens.cloud/r/en-us/v1.24.2/industrial-edge-virtual/cloud-device/release-notes See further recommendations from section Mitigations
SCALANCE LPE9413 (6GK5998-3GS01-2AC2) All versions < V2.2 affected by CVE-2025-40805	Update to V2.2 or later version https://docs.eu1.edge.siemens.cloud/release_notes/device_release_notes/LPE9413.html See further recommendations from section Mitigations
SCALANCE LPE9433 (6GK5998-3GS11-2AC2) All versions < V2.2 affected by CVE-2025-40805	Update to V2.2 or later version https://docs.eu1.edge.siemens.cloud/release_notes/device_release_notes/SCALANCELPE9433Integrated.html See further recommendations from section Mitigations
SIMATIC IOT2050 (6ES7647-0BA00-1YA2) All versions < V1.25.1 affected by CVE-2025-40805	Update to V1.25.1 or later version https://docs.industrial-operations-x.siemens.cloud/r/en-us/v1.25/one-db-simatic-iot2050-industrial-edge-device/all-release-notes/release-notes-v1.25 See further recommendations from section Mitigations
SIMATIC IPC BX-39A Industrial Edge Device All versions < V3.1 affected by CVE-2025-40805	Update to V3.1 or later version https://docs.industrial-operations-x.siemens.cloud/r/en-us/v3.1/simatic-ipc-ied-os/release-notes See further recommendations from section Mitigations
SIMATIC IPC BX-59A Industrial Edge Device All versions < V3.1 affected by CVE-2025-40805	Update to V3.1 or later version https://docs.industrial-operations-x.siemens.cloud/r/en-us/v3.1/simatic-ipc-ied-os/release-notes See further recommendations from section Mitigations
SIMATIC IPC127E Industrial Edge Device All versions < V3.1 affected by CVE-2025-40805	Update to V3.1 or later version https://docs.industrial-operations-x.siemens.cloud/r/en-us/v3.1/simatic-ipc-ied-os/release-notes See further recommendations from section Mitigations
SIMATIC IPC227E Industrial Edge Device All versions < V3.1 affected by CVE-2025-40805	Update to V3.1 or later version https://docs.industrial-operations-x.siemens.cloud/r/en-us/v3.1/simatic-ipc-ied-os/release-notes See further recommendations from section Mitigations
SIMATIC IPC227G Industrial Edge Device All versions < V3.1 affected by CVE-2025-40805	Update to V3.1 or later version https://docs.industrial-operations-x.siemens.cloud/r/en-us/v3.1/simatic-ipc-ied-os/release-notes See further recommendations from section Mitigations
SIMATIC IPC427E Industrial Edge Device All versions < V3.1 affected by CVE-2025-40805	Update to V3.1 or later version https://docs.industrial-operations-x.siemens.cloud/r/en-us/v3.1/simatic-ipc-ied-os/release-notes See further recommendations from section Mitigations
SIMATIC IPC847E Industrial Edge Device All versions < V3.1 affected by CVE-2025-40805	Update to V3.1 or later version https://docs.industrial-operations-x.siemens.cloud/r/en-us/v3.1/simatic-ipc-ied-os/release-notes See further recommendations from section Mitigations

MITIGATIONS

Siemens has identified the following specific mitigations that customers can apply to reduce the risk:

Ensure network access to affected products is limited to trusted parties only

Product-specific remediations or mitigations can be found in the section Known Affected Products.
Please follow the General Security Recommendations.

GENERAL SECURITY RECOMMENDATIONS

As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity

PRODUCT DESCRIPTION

Industrial Edge Cloud Device (IECD) offers you the Industrial Edge Device functionality on demand and without the need of dedicated physical hardware devices.

Industrial Edge Own Device (IEOD) offers the Industrial Edge functionality and user experience on top of hardware by customer-choice.

Industrial Edge Virtual Device (IEVD) offers you the Industrial Edge Device functionality without the need of dedicated physical hardware devices.

SCALANCE LPE9000 (Local Processing Engine) extends the SCALANCE family portfolio by a component that provides computing power for a wide range of applications in the network, close to the process – Edge Computing.

SIMATIC HMI Panels are used for operator control and monitoring of machines and plants.

SIMATIC IPC Industrial Edge devices are industrial PCs that are pre-configured with the Industrial Edge Device software.

The devices of the SIMATIC IOT family offer a robust, compact and flexible solution with a focus on the IOT environment and round off the SIMATIC IPC product range in the lower output range.

VULNERABILITY DESCRIPTION

Un-/Collapse All

This chapter describes all vulnerabilities (CVE-IDs) addressed in this security advisory. Wherever applicable, it also documents the product-specific impact of the individual vulnerabilities.

Vulnerability CVE-2025-40805

Affected devices do not properly enforce user authentication on specific API endpoints. This could facilitate an unauthenticated remote attacker to circumvent authentication and impersonate a legitimate user. Successful exploitation requires that the attacker has learned the identity of a legitimate user.

CVSS v3.1 Base Score	10.0
CVSS v3.1 Vector	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CVSS v4.0 Base Score	10.0
CVSS v4.0 Vector	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
CWE	CWE-639: Authorization Bypass Through User-Controlled Key

ADDITIONAL INFORMATION

For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories

HISTORY DATA

V1.0 (2026-01-13):

Publication Date

The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.