The Siemens SIMATIC advisory (ICS Advisory ICSA-26-071-04) warns of a vulnerability in SIMATIC S7-1500 family devices that could allow code injection if a user is tricked into importing a specially crafted trace file via the device web interface. The issue is assigned CVE-2025-40943 and is rated with a CVSS base score of 9.6 (CRITICAL).
Affected devices include a wide range of SIMATIC controllers and Open Controller CPUs, such as SIMATIC Drive Controller CPU 1504D TF, 1507D TF, ET 200SP and S7-1500 variants listed in the advisory. According to Siemens ProductCERT SSA-452276, vendor fixes are available with updates to V4.1.2 or later, though some products may require mitigations where fixes are not yet available.
Remediations include disabling the web server if it is not required, restricting access to ports 80/tcp and 443/tcp to trusted IPs, and ensuring that only trusted trace files are uploaded. The advisory currently notes that no general fix exists for all affected products. It also encourages network minimisation and following Siemens’ Industrial Security guidelines.
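One way to turn the remediation guidance above into an inventory check, as an added example that is not taken from the advisory or from Siemens. The inventory record layout, device names, networks and the `fix_available` flag are assumptions; whether a fix exists for a given product has to be read from the advisory itself.

```python
import ipaddress
import re

FIXED = (4, 1, 2)       # "V4.1.2 or later", as stated in the advisory summary
WEB_PORTS = {80, 443}   # web server ports named in the remediation text

def parse_version(text):
    """Turn 'V4.1.2' or '4.0' into a comparable tuple such as (4, 1, 2)."""
    m = re.fullmatch(r"[Vv]?(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def untrusted_web_rules(allow_rules, trusted):
    """Return allow rules that open 80/443 to a source outside the trusted networks."""
    nets = [ipaddress.ip_network(t) for t in trusted]
    bad = []
    for src, port in allow_rules:
        src_net = ipaddress.ip_network(src)
        inside = any(src_net.version == n.version and src_net.subnet_of(n) for n in nets)
        if port in WEB_PORTS and not inside:
            bad.append((src, port))
    return bad

def triage(dev, trusted):
    """List the remediation actions still open for one inventory record."""
    if dev["fix_available"] and parse_version(dev["firmware"]) >= FIXED:
        return []
    actions = []
    if dev["fix_available"]:
        actions.append("update firmware to V4.1.2 or later")
    if dev["web_server"]:
        for src, port in untrusted_web_rules(dev["allow"], trusted):
            actions.append(f"restrict {port}/tcp: {src} is not a trusted source")
    return actions

# Constructed sample data: device names, versions and networks are hypothetical.
TRUSTED = ["10.20.0.0/24"]
INVENTORY = [
    {"name": "plc-a", "firmware": "V4.1.2", "fix_available": True,
     "web_server": True, "allow": [("0.0.0.0/0", 443)]},
    {"name": "plc-b", "firmware": "V3.1.4", "fix_available": True,
     "web_server": True, "allow": [("10.20.0.0/28", 443), ("10.0.0.0/8", 80)]},
    {"name": "plc-c", "firmware": "V3.0.1", "fix_available": False,
     "web_server": False, "allow": [("0.0.0.0/0", 80)]},
]

if __name__ == "__main__":
    for dev in INVENTORY:
        print(dev["name"], triage(dev, TRUSTED) or "no open actions")
```

An empty action list for an unpatched device only means the network-level mitigations are in place; the guidance to import only trusted trace files still applies to it.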