SSA-288252: Unquoted Search Path Vulnerability in IAM Client
MEDIUM
CVSS6.7
Date2026-07-14T00:00:00+00:00
Sourcesiemens-productcert
Published bySiemens ProductCERT
// Description
Multiple Siemens products are affected by unquoted search path vulnerability in IAM Client. This could allow an authenticated local attacker to perform privilege escalation.
Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends countermeasures for products where fixes are not, or not yet available.
CVE-2025-40945. Untrusted search path in IAM Client SDK may allow an authenticated user to potentially enable escalation of privilege via local access.
// Remediations (14)
Patch: Update to V2506.0003 or later version
Update to V2506.0003 or later version
Patch: Update to V2606 or later version
Update to V2606 or later version
Patch: Update to V2506.0009 or later version
Update to V2506.0009 or later version
Patch: Update to V2404.0022 or later version
Update to V2404.0022 or later version
Patch: Update to V226.0 Update 04 or later version
Update to V226.0 Update 04 or later version
Patch: Update to V10.6.1 or later version
Update to V10.6.1 or later version
Patch: Update to V2412.0012 or later version
Update to V2412.0012 or later version
Patch: Update to V10.4.5.0.2 or later version. Contact customer support to receive patch and update informa
Update to V10.4.5.0.2 or later version. Contact customer support to receive patch and update information
Patch: Update to V2512.0002 or later version
Update to V2512.0002 or later version
Patch: Update to V2512.7000 or later version
Update to V2512.7000 or later version
Patch: Update to V2512.7000 or later version
Update to V2512.7000 or later version
Patch: Update to V2504.0010 or later version
Update to V2504.0010 or later version
Patch: Update to V225.0 Update 13 or later version