exploitDog

CVE-2025-40820

Опубликовано: 09 дек. 2025

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

Affected products do not properly enforce TCP sequence number validation in specific scenarios but accept values within a broad range. This could allow an unauthenticated remote attacker e.g. to interfere with connection setup, potentially leading to a denial of service. The attack succeeds only if an attacker can inject IP packets with spoofed addresses at precisely timed moments, and it affects only TCP-based services.

Ссылки

https://cert-portal.siemens.com/productcert/html/ssa-915282.html

EPSS

Процентиль: 26%

0.00089

Низкий

7.5 High

CVSS3

Дефекты

CWE-940

Связанные уязвимости

GHSA-84r6-pwmm-h2fw

CVSS3: 7.5

github

около 2 месяцев назад

Affected products do not properly enforce TCP sequence number validation in specific scenarios but accept values within a broad range. This could allow an unauthenticated remote attacker e.g. to interfere with connection setup, potentially leading to a denial of service. The attack succeeds only if an attacker can inject IP packets with spoofed addresses at precisely timed moments, and it affects only TCP-based services.

BDU:2026-00196

CVSS3: 7.5

fstec

2 месяца назад

Уязвимость микропрограммного обеспечения программируемых логических контроллеров Siemens SIMATIC S7, связанная с недостаточной проверкой источника канала связи, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 26%

0.00089

Низкий

7.5 High

CVSS3

Дефекты

CWE-940