{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-04T01:25:51.805","vulnerabilities":[{"cve":{"id":"CVE-2025-40568","sourceIdentifier":"productcert@siemens.com","published":"2025-06-10T16:15:38.537","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability has been identified in RUGGEDCOM RST2428P (6GK6242-6PA00) (All versions < V3.2), SCALANCE XCH328 (6GK5328-4TS01-2EC2) (All versions < V3.2), SCALANCE XCM324 (6GK5324-8TS01-2AC2) (All versions < V3.2), SCALANCE XCM328 (6GK5328-4TS01-2AC2) (All versions < V3.2), SCALANCE XCM332 (6GK5332-0GA01-2AC2) (All versions < V3.2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3) (All versions < V3.2), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3) (All versions < V3.2), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3) (All versions < V3.2), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3) (All versions < V3.2), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3) (All versions < V3.2), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3) (All versions < V3.2), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3) (All versions < V3.2), SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3) (All versions < V3.2), SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3) (All versions < V3.2), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3) (All versions < V3.2). An internal session termination functionality in the web interface of affected products contains an incorrect authorization check vulnerability. This could allow an authenticated remote attacker with \"guest\" role to terminate legitimate users' sessions."},{"lang":"es","value":"Se ha identificado una vulnerabilidad en RUGGEDCOM RST2428P (6GK6242-6PA00) (Todas las versiones &lt; V3.2), SCALANCE XC316-8 (6GK5324-8TS00-2AC2) (Todas las versiones &lt; V3.2), SCALANCE XC324-4 (6GK5328-4TS00-2AC2) (Todas las versiones &lt; V3.2), SCALANCE XC324-4 EEC (6GK5328-4TS00-2EC2) (Todas las versiones &lt; V3.2), SCALANCE XC332 (6GK5332-0GA00-2AC2) (Todas las versiones &lt; V3.2), SCALANCE XC416-8 (6GK5424-8TR00-2AC2) (Todas las versiones &lt; V3.2), SCALANCE XC424-4 (6GK5428-4TR00-2AC2) (Todas las versiones &lt; V3.2), SCALANCE XC432 (6GK5432-0GR00-2AC2) (Todas las versiones &lt; V3.2), SCALANCE XCH328 (6GK5328-4TS01-2EC2) (Todas las versiones &lt; V3.2), SCALANCE XCM324 (6GK5324-8TS01-2AC2) (Todas las versiones &lt; V3.2), SCALANCE XCM328 (6GK5328-4TS01-2AC2) (Todas las versiones &lt; V3.2), SCALANCE XCM332 (6GK5332-0GA01-2AC2) (Todas las versiones &lt; V3.2), SCALANCE XR302-32 (6GK5334-5TS00-2AR3) (Todas las versiones &lt; V3.2), SCALANCE XR302-32 (6GK5334-5TS00-3AR3) (Todas las versiones &lt; V3.2), SCALANCE XR302-32 (6GK5334-5TS00-4AR3) (Todas las versiones &lt; V3.2), SCALANCE XR322-12 (6GK5334-3TS00-2AR3) (Todas las versiones &lt; V3.2), SCALANCE XR322-12 (6GK5334-3TS00-3AR3) (Todas las versiones &lt; V3.2), SCALANCE XR322-12 (6GK5334-3TS00-4AR3) (Todas las versiones &lt; V3.2), SCALANCE XR326-8 (6GK5334-2TS00-2AR3) (Todas las versiones &lt; V3.2), SCALANCE XR326-8 (6GK5334-2TS00-3AR3) (Todas las versiones &lt; V3.2), SCALANCE XR326-8 (6GK5334-2TS00-4AR3) (Todas las versiones &lt; V3.2), SCALANCE XR326-8 EEC (6GK5334-2TS00-2ER3) (Todas las versiones &lt; V3.2), SCALANCE XR502-32 (6GK5534-5TR00-2AR3) (Todas las versiones &lt; V3.2), SCALANCE XR502-32 (6GK5534-5TR00-3AR3) (Todas las versiones &lt; V3.2), SCALANCE XR502-32 (6GK5534-5TR00-4AR3) (Todas las versiones &lt; V3.2), SCALANCE XR522-12 (6GK5534-3TR00-2AR3) (Todas las versiones &lt; V3.2), SCALANCE XR522-12 (6GK5534-3TR00-3AR3) (Todas las versiones &lt; V3.2), SCALANCE XR522-12 (6GK5534-3TR00-4AR3) (Todas las versiones &lt; V3.2), SCALANCE XR526-8 (6GK5534-2TR00-2AR3) (Todas las versiones &lt; V3.2), SCALANCE XR526-8 (6GK5534-2TR00-3AR3) (Todas las versiones &lt; V3.2), SCALANCE XR526-8 (6GK5534-2TR00-4AR3) (Todas las versiones &lt; V3.2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3) (Todas las versiones &lt; V3.2), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3) (Todas las versiones &lt; V3.2), SCALANCE XRM334 (230 V CA, 8xFO) (6GK5334-2TS01-3AR3) (Todas las versiones &lt; V3.2), SCALANCE XRM334 (230 V CA, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3) (Todas las versiones &lt; V3.2), SCALANCE XRM334 (24 V CC, 12xFO) (6GK5334-3TS01-2AR3) (Todas las versiones &lt; V3.2), SCALANCE XRM334 (24 V CC, 8xFO) (6GK5334-2TS01-2AR3) (Todas las versiones &lt; V3.2), SCALANCE XRM334 (24 V CC, 2 x 10 G, 24 x SFP, 8 x SFP+) (6GK5334-5TS01-2AR3) (Todas las versiones anteriores a la V3.2), SCALANCE XRM334 (2 x 230 V CA, 12 x FO) (6GK5334-3TS01-4AR3) (Todas las versiones anteriores a la V3.2), SCALANCE XRM334 (2 x 230 V CA, 8 x FO) (6GK5334-2TS01-4AR3) (Todas las versiones anteriores a la V3.2), SCALANCE XRM334 (2 x 230 V CA, 2 x 10 G, 24 x SFP, 8 x SFP+) (6GK5334-5TS01-4AR3) (Todas las versiones anteriores a la V3.2). Una funcionalidad interna de finalización de sesión en la interfaz web de los productos afectados contiene una vulnerabilidad de comprobación de autorización incorrecta. Esto podría permitir que un atacante remoto autenticado con rol de \"invitado\" finalice las sesiones de usuarios legítimos."}],"metrics":{"cvssMetricV40":[{"source":"productcert@siemens.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"productcert@siemens.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"productcert@siemens.com","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://cert-portal.siemens.com/productcert/html/ssa-693776.html","source":"productcert@siemens.com"}]}}]}