CVE-2025-40943

CRITICAL WAF: High

CVSS 9.6 Published: 2026-03-10

CWE-79

Affected devices do not properly sanitize contents of trace files. This could allow an attacker to inject code through social engineering a legitimate user to import a specially crafted trace file

WAF Coverage Analysis

Cross-Site Scripting (XSS) High WAF Coverage

OWASP: A03:2021 Injection

941xxx - XSS / XXE

References

cert-portal.siemens.com

Back to CVE Database