Security Vulnerability Report
CVE-2025-40818 CVSS 3.3 LOW

CVE-2025-40818

Published: 2025-12-09 16:17:46
Last Modified: 2025-12-10 21:42:49

Description

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP4). Affected applications contain private SSL/TLS keys on the server that are not properly protected, allowing any user with server access to read these keys. This could allow an authenticated attacker to impersonate the server, potentially enabling man-in-the-middle attacks, traffic decryption, or unauthorized access to services that trust these certificates.

CVSS Details

CVSS Score: 3.3
Severity: LOW
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Configurations (Affected Products)

cpe:2.3:a:siemens:sinema_remote_connect_server:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:a:siemens:sinema_remote_connect_server:3.2:sp1:*:*:*:*:*:* - VULNERABLE
cpe:2.3:a:siemens:sinema_remote_connect_server:3.2:sp2:*:*:*:*:*:* - VULNERABLE
cpe:2.3:a:siemens:sinema_remote_connect_server:3.2:sp3:*:*:*:*:*:* - VULNERABLE
SINEMA Remote Connect Server < V3.2 SP4

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
Local access is required to read the private key files on the server.

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-40818", "sourceIdentifier": "[email protected]", "published": "2025-12-09T16:17:46.040", "lastModified": "2025-12-10T21:42:48.550", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP4). Affected applications contain private SSL/TLS keys on the server that are not properly protected allowing any user with server access to read these keys. This could allow an authenticated attacker to impersonate the server potentially enabling man-in-the-middle, traffic decryption or unauthorized access to services that trust these certificates."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "baseScore": 3.3, "baseSeverity": "LOW", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.8, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-732"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:siemens:sinema_remote_connect_server:*:*:*:*:*:*:*:*", "versionEndExcluding": "3.2", "matchCriteriaId": "BA2839E7-E397-4D69-865B-439F0017D540"}, {"vulnerable": true, "criteria": "cpe:2.3:a:siemens:sinema_remote_connect_server:3.2:sp1:*:*:*:*:*:*", "matchCriteriaId": "A5A387A4-6899-4756-9EAA-ADBC636F8CF4"}, {"vulnerable": true, "criteria": "cpe:2.3:a:siemens:sinema_remote_connect_server:3.2:sp2:*:*:*:*:*:*", "matchCriteriaId": "9FAB8933-0A70-437C-9190-24B03C96E4C6"}, {"vulnerable": true, "criteria": "cpe:2.3:a:siemens:sinema_remote_connect_server:3.2:sp3:*:*:*:*:*:*", 
"matchCriteriaId": "866C3491-9238-436C-A096-B52FD8B4E659"}]}]}], "references": [{"url": "https://cert-portal.siemens.com/productcert/html/ssa-626856.html", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}