Unauth USB Access Enables Reboot DoS in SIMATIC CN4100 (v<4.0.1)
CVE-2025-40939 Published on December 9, 2025
A vulnerability has been identified in SIMATIC CN 4100 (All versions < V4.0.1). The affected device contains a USB port which allows unauthenticated connections. This could allow an attacker with physical access to the device to trigger reboot that could cause denial of service condition.
Weakness Type
What is an Authorization Vulnerability?
The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CVE-2025-40939 has been classified to as an Authorization vulnerability or weakness.
Products Associated with CVE-2025-40939
Want to know whenever a new CVE is published for Siemens Simatic Cn 4100? stack.watch will email you.
Affected Versions
Siemens SIMATIC CN 4100:- Before V4.0.1 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.