IM
IronMonkey Threat Research
‹ Back to ICS Advisories

SSA-288252: Unquoted Search Path Vulnerability in IAM Client

MEDIUM
CVSS 6.7
Date 2026-07-14T00:00:00+00:00
Source siemens-productcert
Published by Siemens ProductCERT

// Description

Multiple Siemens products are affected by unquoted search path vulnerability in IAM Client. This could allow an authenticated local attacker to perform privilege escalation. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends countermeasures for products where fixes are not, or not yet available.

// Vulnerabilities (1)

CVE ID CVSS Score Severity Description
CVE-2025-40945 6.7 medium
CVE-2025-40945. Untrusted search path in IAM Client SDK may allow an authenticated user to potentially enable escalation of privilege via local access.

// Remediations (14)

Patch: Update to V2506.0003 or later version
Update to V2506.0003 or later version
Patch: Update to V2606 or later version
Update to V2606 or later version
Patch: Update to V2506.0009 or later version
Update to V2506.0009 or later version
Patch: Update to V2404.0022 or later version
Update to V2404.0022 or later version
Patch: Update to V226.0 Update 04 or later version
Update to V226.0 Update 04 or later version
Patch: Update to V10.6.1 or later version
Update to V10.6.1 or later version
Patch: Update to V2412.0012 or later version
Update to V2412.0012 or later version
Patch: Update to V10.4.5.0.2 or later version. Contact customer support to receive patch and update informa
Update to V10.4.5.0.2 or later version. Contact customer support to receive patch and update information
Patch: Update to V2512.0002 or later version
Update to V2512.0002 or later version
Patch: Update to V2512.7000 or later version
Update to V2512.7000 or later version
Patch: Update to V2512.7000 or later version
Update to V2512.7000 or later version
Patch: Update to V2504.0010 or later version
Update to V2504.0010 or later version
Patch: Update to V225.0 Update 13 or later version
Update to V225.0 Update 13 or later version
Patch: Update to V2512.2605 or later version
Update to V2512.2605 or later version

// References