SIMATIC RCE via Type Confusion (CVE-2025-40759)
CVE-2025-40759 Published on August 12, 2025
A vulnerability has been identified in SIMATIC S7-PLCSIM V17 (All versions), SIMATIC STEP 7 V17 (All versions < V17 Update 9), SIMATIC STEP 7 V18 (All versions), SIMATIC STEP 7 V19 (All versions < V19 Update 4), SIMATIC STEP 7 V20 (All versions < V20 Update 4), SIMATIC WinCC V17 (All versions < V17 Update 9), SIMATIC WinCC V18 (All versions), SIMATIC WinCC V19 (All versions < V19 Update 4), SIMATIC WinCC V20 (All versions < V20 Update 4), SIMOCODE ES V17 (All versions), SIMOCODE ES V18 (All versions), SIMOCODE ES V19 (All versions), SIMOCODE ES V20 (All versions), SIMOTION SCOUT TIA V5.4 (All versions), SIMOTION SCOUT TIA V5.5 (All versions), SIMOTION SCOUT TIA V5.6 (All versions < V5.6 SP1 HF7), SIMOTION SCOUT TIA V5.7 (All versions), SINAMICS Startdrive V17 (All versions), SINAMICS Startdrive V18 (All versions), SINAMICS Startdrive V19 (All versions), SINAMICS Startdrive V20 (All versions), SIRIUS Safety ES V17 (TIA Portal) (All versions), SIRIUS Safety ES V18 (TIA Portal) (All versions), SIRIUS Safety ES V19 (TIA Portal) (All versions), SIRIUS Safety ES V20 (TIA Portal) (All versions), SIRIUS Soft Starter ES V17 (TIA Portal) (All versions), SIRIUS Soft Starter ES V18 (TIA Portal) (All versions), SIRIUS Soft Starter ES V19 (TIA Portal) (All versions), SIRIUS Soft Starter ES V20 (TIA Portal) (All versions), TIA Portal Cloud V17 (All versions), TIA Portal Cloud V18 (All versions), TIA Portal Cloud V19 (All versions < V5.2.1.1), TIA Portal Cloud V20 (All versions < V5.2.2.2). Affected products do not properly sanitize stored security properties when parsing project files. This could allow an attacker to cause a type confusion and execute arbitrary code within the affected application.
Weakness Type
What is a Marshaling, Unmarshaling Vulnerability?
The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.
CVE-2025-40759 has been classified to as a Marshaling, Unmarshaling vulnerability or weakness.
Products Associated with CVE-2025-40759
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2025-40759 are published in these products:
Affected Versions
Siemens SIMATIC S7-PLCSIM V17:- Before * is affected.
- Before V17 Update 9 is affected.
- Before * is affected.
- Before V19 Update 4 is affected.
- Before V20 Update 4 is affected.
- Before V17 Update 9 is affected.
- Before * is affected.
- Before V19 Update 4 is affected.
- Before V20 Update 4 is affected.
- Before * is affected.
- Before * is affected.
- Before * is affected.
- Before * is affected.
- Before * is affected.
- Before * is affected.
- Before V5.6 SP1 HF7 is affected.
- Before * is affected.
- Before * is affected.
- Before * is affected.
- Before * is affected.
- Before * is affected.
- Before * is affected.
- Before * is affected.
- Before * is affected.
- Before * is affected.
- Before * is affected.
- Before * is affected.
- Before * is affected.
- Before * is affected.
- Before * is affected.
- Before * is affected.
- Before V5.2.1.1 is affected.
- Before V5.2.2.2 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.