SB2025052817 - Multiple vulnerabilities in Siemens SIRIUS 3SK2 Safety Relays and 3RK3 Modular Safety Systems

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2025052817

SB2025052817 - Multiple vulnerabilities in Siemens SIRIUS 3SK2 Safety Relays and 3RK3 Modular Safety Systems

Published: May 28, 2025

Security Bulletin ID SB2025052817
Severity
High
Patch available
NO
Number of vulnerabilities 3
Exploitation vector Remote access
Highest impact Information disclosure

Breakdown by Severity

High 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 3 secuirty vulnerabilities.


1) Use of a broken or risky cryptographic algorithm (CVE-ID: CVE-2025-24007)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to weak password obfuscation. A remote attacker can retrieve and de-obfuscate the safety password used for protection against inadvertent operating errors.


2) Missing Encryption of Sensitive Data (CVE-ID: CVE-2025-24008)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to lack of encryption of sensitive information in transit. A remote attacker can retrieve sensitive information.


3) Incorrect permission assignment for critical resource (CVE-ID: CVE-2025-24009)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to incorrect permission assignment for critical resource. A remote attacker can retrieve sensitive information from certain data records.


Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References