CVE-2025-23403

CVSS 3.1 Score 7 of 10 (high)

Details

Published Feb 11, 2025
CWE ID 732

Summary

CVE-2025-23403 is a newly identified vulnerability affecting SIMATIC IPC DiagBase and DiagMonitor, both of which are versions for all Siemens Industrial Communications Devices. The issue lies in the improper handling of user permissions for registry keys. An authenticated attacker can exploit this flaw to load malicious drivers onto the system, resulting in privilege escalation or bypassing security measures, including endpoint protection. This vulnerability poses a significant risk to industrial control systems and requires immediate attention and patching to prevent potential attacks.
