Posts by CISA (old posts, page 2)

RSS feed

Growatt Cloud Applications

View CSAF

1. EXECUTIVE SUMMARY

  • CVSS v4 9.3
  • ATTENTION: Exploitable remotely/low attack complexity
  • Vendor: Growatt
  • Equipment: Cloud Applications
  • Vulnerabilities: Cross-site Scripting, Authorization Bypass Through User-Controlled Key, Insufficient Type Distinction, External Control of System or Configuration Setting

2. RISK EVALUATION

Successful exploitation of these vulnerabilities could allow an attacker to compromise confidentiality, achieve cross-site scripting, or code execution on affected devices.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following Growatt products are affected:

  • Growatt cloud portal: Versions 3.6.0 and prior.

3.2 VULNERABILITY OVERVIEW

3.2.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-79

An authenticated attacker can achieve stored XSS by exploiting improper sanitization of the plant name value while adding or editing a plant.

CVE-2025-30511 has been assigned to this vulnerability. A CVSS v3.1 base score of 8.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

A CVSS v4 score has also been calculated for CVE-2025-30511. A base score of 8.7 has been calculated; the CVSS vector string is (AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N).

3.2.2 Authorization Bypass Through User-Controlled Key CWE-639

An unauthenticated attacker can check the existence of usernames in the system by querying an API.

CVE-2025-31933 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

A CVSS v4 score has also been calculated for CVE-CVE-2025-31933. A base score of 6.9 has been calculated; the CVSS vector string is (AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N).

3.2.3 Authorization Bypass Through User-Controlled Key CWE-639

An authenticated attacker can obtain any plant name by knowing the plant ID.

CVE-2025-31949 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

A CVSS v4 score has also been calculated for CVE-2025-31949. A base score of 6.9 has been calculated; the CVSS vector string is (AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N).

3.2.4 Authorization Bypass Through User-Controlled Key CWE-639

An unauthenticated attacker can obtain a user's plant list by knowing the username.

CVE-2025-31357 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

A CVSS v4 score has also been calculated for CVE-2025-31357. A base score of 6.9 has been calculated; the CVSS vector string is (AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N).

3.2.5 Authorization Bypass Through User-Controlled Key CWE-639

An unauthenticated attacker can obtain a list of smart devices by knowing a valid username.

CVE-2025-31941 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

A CVSS v4 score has also been calculated for CVE-2025-31941. A base score of 6.9 has been calculated; the CVSS vector string is (AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N).

3.2.6 Authorization Bypass Through User-Controlled Key CWE-639

An unauthenticated attacker can infer the existence of usernames in the system by querying an API.

CVE-2025-24487 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

A CVSS v4 score has also been calculated for CVE-2025-24487. A base score of 6.9 has been calculated; the CVSS vector string is (AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N).

3.2.7 Authorization Bypass Through User-Controlled Key CWE-639

An unauthenticated attacker can get users' emails by knowing usernames. A password reset email will be sent in response to this unsolicited request.

CVE-2025-27568 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

A CVSS v4 score has also been calculated for CVE-2025-27568. A base score of 6.9 has been calculated; the CVSS vector string is (AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N).

3.2.8 Authorization Bypass Through User-Controlled Key CWE-639

An unauthenticated attacker can obtain a serial number of a smart meter(s) using its owner's username.

CVE-2025-30254 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

A CVSS v4 score has also been calculated for CVE-2025-30254. A base score of 6.9 has been calculated; the CVSS vector string is (AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N).

3.2.9 Authorization Bypass Through User-Controlled Key CWE-639

An attacker can change registered email addresses of other users and take over arbitrary accounts.

CVE-2025-27939 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).

A CVSS v4 score has also been calculated for CVE-2025-27939. A base score of 8.7 has been calculated; the CVSS vector string is (AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N).

3.2.10 Authorization Bypass Through User-Controlled Key CWE-639

Unauthenticated attackers can obtain restricted information about a user's smart device collections (i.e., "rooms").

CVE-2025-27938 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

A CVSS v4 score has also been calculated for CVE-2025-27938. A base score of 6.9 has been calculated; the CVSS vector string is (AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N).

3.2.11 Authorization Bypass Through User-Controlled Key CWE-639

Unauthenticated attackers can obtain restricted information about a user's smart device collections (i.e., "scenes").

CVE-2025-30514 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

A CVSS v4 score has also been calculated for CVE-2025-30514. A base score of 6.9 has been calculated; the CVSS vector string is (AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N).

3.2.12 Authorization Bypass Through User-Controlled Key CWE-639

An attacker can get information about the groups of the smart home devices for arbitrary users (i.e., "rooms").

CVE-2025-31654 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

A CVSS v4 score has also been calculated for CVE-2025-31654. A base score of 6.9 has been calculated; the CVSS vector string is (AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N).

3.2.13 Authorization Bypass Through User-Controlled Key CWE-639

Unauthenticated attackers can query an API endpoint and get device details.

CVE-2025-27719 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

A CVSS v4 score has also been calculated for CVE-2025-27719. A base score of 6.9 has been calculated; the CVSS vector string is (AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N).

3.2.14 Authorization Bypass Through User-Controlled Key CWE-639

Unauthenticated attackers can rename arbitrary devices of arbitrary users (i.e., EV chargers).

CVE-2025-26857 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

A CVSS v4 score has also been calculated for CVE-2025-26857. A base score of 6.9 has been calculated; the CVSS vector string is (AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N).

3.2.15 Authorization Bypass Through User-Controlled Key CWE-639

An unauthenticated attacker can obtain other users' charger information.

CVE-2025-31945 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

A CVSS v4 score has also been calculated for CVE-2025-31945. A base score of 6.9 has been calculated; the CVSS vector string is (AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N).

3.2.16 Authorization Bypass Through User-Controlled Key CWE-639

An unauthenticated attacker can obtain EV charger energy consumption information of other users.

CVE-2025-31950 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

A CVSS v4 score has also been calculated for CVE-2025-31950. A base score of 6.9 has been calculated; the CVSS vector string is (AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N).

3.2.17 Authorization Bypass Through User-Controlled Key CWE-639

An unauthenticated attacker can obtain EV charger version and firmware upgrading history by knowing the charger ID.

CVE-2025-27575 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.3 has been calculated; the CVSS vector string is (AV:AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

A CVSS v4 score has also been calculated for CVE-2025-27575. A base score of 6.9 has been calculated; the CVSS vector string is (AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N).

3.2.18 Authorization Bypass Through User-Controlled Key CWE-639

An unauthenticated attacker can delete any user's "rooms" by knowing the user's and room IDs.

CVE-2025-27565 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).

A CVSS v4 score has also been calculated for CVE-2025-27565. A base score of 6.9 has been calculated; the CVSS vector string is (AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N).

3.2.19 Authorization Bypass Through User-Controlled Key CWE-639

An unauthenticated attacker can hijack other users' devices and potentially control them.

CVE-2025-25276 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).

A CVSS v4 score has also been calculated for CVE-2025-25276. A base score of 6.9 has been calculated; the CVSS vector string is (AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N).

3.2.20 Authorization Bypass Through User-Controlled Key CWE-639

An attacker can export other users' plant information.

CVE-2025-24850 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

A CVSS v4 score has also been calculated for CVE-2025-24850. A base score of 6.9 has been calculated; the CVSS vector string is (AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N).

3.2.21 Insufficient Type Distinction CWE-351

An attacker can upload an arbitrary file instead of a plant image.

CVE-2025-30510 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

A CVSS v4 score has also been calculated for CVE-2025-30510. A base score of 9.3 has been calculated; the CVSS vector string is (AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N).

3.2.22 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-79

Due to lack of server-side input validation, attackers can inject malicious JavaScript code into users personal spaces of the web portal.

CVE-2025-24297 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

A CVSS v4 score has also been calculated for CVE-2025-24297. A base score of 9.3 has been calculated; the CVSS vector string is (AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N).

3.2.23 Authorization Bypass Through User-Controlled Key CWE-639

An unauthenticated attackers can obtain a list of smart devices by knowing a valid username through an unprotected API.

CVE-2025-27927 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

A CVSS v4 score has also been calculated for CVE-2025-27927. A base score of 6.9 has been calculated; the CVSS vector string is (AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N).

3.2.24 External Control of System or Configuration Setting CWE-15

Unauthenticated attackers can send configuration settings to device and possible perform physical actions remotely (e.g., on/off).

CVE-2025-30512 has been assigned to this vulnerability. A CVSS v3.1 base score of 6.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L).

A CVSS v4 score has also been calculated for CVE-2025-30512. A base score of 6.9 has been calculated; the CVSS vector string is (AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N).

3.2.25 Authorization Bypass Through User-Controlled Key CWE-639

Unauthenticated attackers can trigger device actions associated with specific "scenes" of arbitrary users.

CVE-2025-31360 has been assigned to this vulnerability. A CVSS v3.1 base score of 6.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L).

A CVSS v4 score has also been calculated for CVE-2025-31360. A base score of 6.9 has been calculated; the CVSS vector string is (AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N).

3.2.26 Authorization Bypass Through User-Controlled Key CWE-639

Unauthenticated attackers can query information about total energy consumed by EV chargers of arbitrary users.

CVE-2025-31147 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

A CVSS v4 score has also been calculated for CVE-2025-31147. A base score of 6.9 has been calculated; the CVSS vector string is (AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N).

3.2.27 Authorization Bypass Through User-Controlled Key CWE-639

Unauthenticated attackers can retrieve serial number of smart meters associated to a specific user account.

CVE-2025-30257 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

A CVSS v4 score has also been calculated for CVE-2025-30257. A base score of 6.9 has been calculated; the CVSS vector string is (AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N).

3.2.28 Authorization Bypass Through User-Controlled Key CWE-639

Unauthenticated attackers can rename "rooms" of arbitrary users.

CVE-2025-27561 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).

A CVSS v4 score has also been calculated for CVE-2025-27561. A base score of 6.9 has been calculated; the CVSS vector string is (AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N).

3.2.29 Authorization Bypass Through User-Controlled Key CWE-639

Unauthenticated attackers can add devices of other users to their scenes (or arbitrary scenes of other arbitrary users).

CVE-2025-24315 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).

A CVSS v4 score has also been calculated for CVE-2025-24315. A base score of 6.9 has been calculated; the CVSS vector string is (AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N).

3.2.30 Authorization Bypass Through User-Controlled Key CWE-639

Unauthenticated attackers can retrieve full list of users associated with arbitrary accounts.

CVE-2025-27929 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).

A CVSS v4 score has also been calculated for CVE-2025-27929. A base score of 6.9 has been calculated; the CVSS vector string is (AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N).

3.3 BACKGROUND

  • CRITICAL INFRASTRUCTURE SECTORS: Energy
  • COUNTRIES/AREAS DEPLOYED: Worldwide
  • COMPANY HEADQUARTERS LOCATION: China

3.4 RESEARCHER

Forescout Technologies reported these vulnerabilities to CISA.

4. MITIGATIONS

Growatt reports the cloud-based vulnerabilities were patched and no user action is needed. Additionally, Growatt strongly recommends that their users take proactive steps in securing their devices and take the following actions:

  • Update all devices to the latest firmware version when available. (Updates are automatic, no user action needed.)
  • Use strong passwords and enable multi-factor authentication where applicable.
  • Report any security concerns to Service@Growatt.com.
  • Stay vigilant. Users and installers should regularly review security settings, follow best practices, and report any unusual activity.

CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:

  • Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.
  • Locate control system networks and remote devices behind firewalls and isolating them from business networks.
  • When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

CISA also recommends users take the following measures to protect themselves from social engineering attacks:

No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.

5. UPDATE HISTORY

  • April 15, 2025: Initial Publication

Mitsubishi Electric Europe B.V. smartRTU

View CSAF

1. EXECUTIVE SUMMARY

  • CVSS v4 9.3
  • ATTENTION: Exploitable remotely/low attack complexity
  • Vendor: Mitsubishi Electric Europe B.V.
  • Equipment: smartRTU
  • Vulnerability: Missing Authentication for Critical Function, OS Command Injection

2. RISK EVALUATION

Successful exploitation of these vulnerabilities could allow a remote unauthenticated attacker to disclose, tamper with, destroy or delete information in the product, or cause a denial-of service condition on the product.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

Mitsubishi Electric Europe reports following versions of smartRTU are affected:

  • smartRTU: Versions 3.37 and prior

3.2 VULNERABILITY OVERVIEW

3.2.1 Missing Authentication for Critical Function CWE-306

A remote unauthenticated attacker may be able to bypass authentication by utilizing a specific API route to execute arbitrary OS commands.

CVE-2025-3232 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).

A CVSS v4 score has also been calculated for CVE-2025-3232. A base score of 8.7 has been calculated; the CVSS vector string is (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H).

3.2.1 Improper Neutralization of Special Elements used in an OS Command CWE-78

A remote unauthenticated attacker who has bypassed authentication could execute arbitrary OS commands to disclose, tamper with, destroy or delete information in Mitsubishi Electric smartRTU, or cause a denial-of service condition on the product.

CVE-2025-3128 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

A CVSS v4 score has also been calculated for CVE-2025-3128. A base score of 9.3 has been calculated; the CVSS vector string is (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N).

3.3 BACKGROUND

  • CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing
  • COUNTRIES/AREAS DEPLOYED: Worldwide
  • COMPANY HEADQUARTERS LOCATION: Japan

3.4 RESEARCHER

Noam Moshe of Claroty Team82 reported this vulnerability to CISA.

4. MITIGATIONS

Mitsubishi Electric Europe B.V. recommends that users take note of the following mitigation measures to minimize the risk of exploiting this vulnerability:

  • Use a firewall or virtual private network (VPN), etc. to prevent unauthorized access when Internet access is required.
  • Use within a LAN and block access from untrusted networks and hosts through firewalls.
  • Use web application firewall (WAF) to prevent to filter, monitor and block any malicious HTTP/HTTPS traffic.
  • Allow web client access from trusted networks only.

For more information, please see Mitsubishi Electric Europe MEU_PSIRT_2025-3128 under the "Vulnerability Information" section.

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.

5. UPDATE HISTORY

  • April 15, 2025: Initial Publication

Siemens SIMOCODE, SIMATIC, SIPLUS, SIDOOR, SIWAREX

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).

View CSAF

1. EXECUTIVE SUMMARY

  • CVSS v4 6.9
  • ATTENTION: Exploitable remotely/low attack complexity
  • Vendor: Siemens
  • Equipment: SIMOCODE, SIMATIC, SIPLUS, SIDOOR, SIWAREX
  • Vulnerability: Uncontrolled Resource Consumption

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow remote attackers to affect the availability of the devices under certain conditions.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

Siemens reports that the following products are affected:

  • SIMOCODE pro V PROFINET: All versions
  • SIMATIC S7-1200 CPU 1215C AC/DC/Rly (6ES7215-1BG40-0XB0): Versions prior to V4.4
  • SIPLUS S7-1200 CPU 1215C DC/DC/DC (6AG1215-1AG40-5XB0): Versions prior to V4.4
  • SIMATIC PN/PN Coupler (6ES7158-3AD10-0XA0): All versions
  • SIPLUS S7-1200 CPU 1214 AC/DC/RLY (6AG1214-1BG40-4XB0): Versions prior to V4.4
  • SIDOOR ATD430W: All versions
  • SIMATIC ET 200SP IM 155-6 MF HF (6ES7155-6MU00-0CN0): All versions
  • SIMATIC S7-300 CPU 317F-2 PN/DP (6ES7317-2FK14-0AB0): All versions
  • SIMATIC S7-300 CPU 315T-3 PN/DP (6ES7315-7TJ10-0AB0): All versions
  • SIPLUS HCS4300 CIM4310 (6BK1943-1AA00-0AA0): All versions
  • SIMATIC ET 200SP IM 155-6 PN ST (6ES7155-6AU01-0BN0): All versions
  • SIPLUS S7-1500 CPU 1516F-3 PN/DP (6AG1516-3FN00-2AB0): All versions
  • SIMATIC S7-300 CPU 319-3 PN/DP (6ES7318-3EL01-0AB0): All versions
  • SIMATIC ET 200pro IM 154-8F PN/DP CPU (6ES7154-8FB01-0AB0): All versions
  • SIMATIC ET 200SP IM 155-6 PN HF (6ES7155-6AU00-0CN0): All versions
  • SIMATIC ET 200pro IM 154-4 PN HF (6ES7154-4AB10-0AB0): All versions
  • SIPLUS ET 200M IM 153-4 PN IO HF (6AG1153-4BA00-7XB0): All versions
  • SIMATIC S7-1200 CPU 1212C DC/DC/Rly (6ES7212-1HE40-0XB0): Versions prior to V4.4
  • SIPLUS ET 200SP IM 155-6 PN ST (6AG1155-6AU00-7BN0): All versions
  • SIPLUS ET 200SP IM 155-6 PN ST (6AG1155-6AU01-7BN0): All versions
  • SIMATIC CFU DIQ (6ES7655-5PX31-1XX0): Versions prior to V2.0.0
  • SIMATIC ET 200AL IM 157-1 PN (6ES7157-1AB00-0AB0): All versions
  • SIPLUS ET 200SP IM 155-6 PN ST BA (6AG1155-6AA00-7BN0): All versions
  • SIPLUS ET 200SP IM 155-6 PN HF (6AG1155-6AU01-2CN0): All versions
  • SIMATIC ET 200SP IM 155-6 PN HS (6ES7155-6AU00-0DN0): All versions
  • SIPLUS ET 200S IM151-3 PN HF (6AG1151-3BA23-7AB0): All versions
  • SIPLUS S7-1200 CPU 1212C DC/DC/DC (6AG1212-1AE40-4XB0): Versions prior to V4.4
  • SIPLUS S7-1200 CPU 1214 DC/DC/RLY (6AG1214-1HG40-5XB0): Versions prior to V4.4
  • SIMATIC ET 200SP IM 155-6 PN ST BA (6ES7155-6AA00-0BN0): All versions
  • SIMATIC ET 200SP CPU 1512SP F-1 PN (6ES7512-1SK00-0AB0): All versions
  • SIPLUS S7-1200 CPU 1215 DC/DC/RLY (6AG1215-1HG40-4XB0): Versions prior to V4.4
  • SIMATIC ET 200M IM 153-4 PN IO ST (6ES7153-4AA01-0XB0): All versions
  • SIPLUS ET 200SP IM 155-6 PN HF (6AG1155-6AU01-7CN0): All versions
  • SIPLUS S7-1200 CPU 1214C DC/DC/DC RAIL (6AG2214-1AG40-1XB0): Versions prior to V4.4
  • SIMATIC ET 200MP IM 155-5 PN ST (6ES7155-5AA01-0AB0): All versions
  • SIMATIC TDC CPU555: All versions
  • SIPLUS S7-1200 CPU 1212 DC/DC/RLY (6AG1212-1HE40-2XB0): Versions prior to V4.4
  • SIPLUS S7-300 CPU 315F-2 PN/DP (6AG1315-2FJ14-2AB0): All versions
  • SIPLUS ET 200SP IM 155-6 PN ST TX RAIL (6AG2155-6AU01-4BN0): All versions
  • SIMATIC S7-1200 CPU 1211C AC/DC/Rly (6ES7211-1BE40-0XB0): Versions prior to V4.4
  • SIMATIC ET 200SP IM 155-6 PN/3 HF (6ES7155-6AU30-0CN0): All versions
  • SIMATIC S7-1200 CPU 1214C AC/DC/Rly (6ES7214-1BG40-0XB0): Versions prior to V4.4
  • SIPLUS S7-300 CPU 317F-2 PN/DP (6AG1317-2FK14-2AB0): All versions
  • SIMATIC S7-1200 CPU 1215C DC/DC/Rly (6ES7215-1HG40-0XB0): Versions prior to V4.4
  • SIPLUS S7-1500 CPU 1513-1 PN (6AG1513-1AL00-2AB0): All versions
  • SIMATIC S7-300 CPU 314C-2 PN/DP (6ES7314-6EH04-0AB0): All versions
  • SIMATIC S7-1200 CPU 1212FC DC/DC/DC (6ES7212-1AF40-0XB0): Versions prior to V4.4
  • SIMATIC S7-300 CPU 315-2 PN/DP (6ES7315-2EH14-0AB0): All versions
  • SIMATIC ET 200MP IM 155-5 PN HF (6ES7155-5AA00-0AC0): All versions
  • SIPLUS S7-1200 CPU 1214FC DC/DC/RLY (6AG1214-1HF40-5XB0): Versions prior to V4.4
  • SIWAREX WP251 (7MH4960-6AA01): All versions
  • SIPLUS S7-1200 CPU 1215 DC/DC/DC (6AG1215-1AG40-2XB0): Versions prior to V4.4
  • SIPLUS S7-1500 CPU 1513F-1 PN (6AG1513-1FL00-2AB0): All versions
  • SIMATIC ET 200SP IM 155-6 PN HA (incl. SIPLUS variants): Versions priror to V1.3
  • SIMATIC S7-300 CPU 315F-2 PN/DP (6ES7315-2FJ14-0AB0): All versions
  • SIMATIC TDC CP51M1: All versions
  • SIPLUS ET 200MP IM 155-5 PN ST (6AG1155-5AA00-7AB0): All versions
  • SIMATIC ET 200pro IM 154-8 PN/DP CPU (6ES7154-8AB01-0AB0): All versions
  • SIPLUS ET 200MP IM 155-5 PN ST TX RAIL (6AG2155-5AA00-4AB0): All versions
  • SIPLUS ET 200MP IM 155-5 PN ST TX RAIL (6AG2155-5AA01-4AB0): All versions
  • SIPLUS ET 200SP IM 155-6 PN ST TX RAIL (6AG2155-6AU00-4BN0): All versions
  • SIPLUS S7-1200 CPU 1212 AC/DC/RLY (6AG1212-1BE40-2XB0): Versions prior to V4.4
  • SIPLUS ET 200M IM 153-4 PN IO ST (6AG1153-4AA01-7XB0): All versions
  • SIMATIC S7-300 CPU 319F-3 PN/DP (6ES7318-3FL01-0AB0): All versions
  • SIPLUS S7-1500 CPU 1516-3 PN/DP (6AG1516-3AN00-7AB0): All versions
  • SIPLUS S7-1200 CPU 1214 AC/DC/RLY (6AG1214-1BG40-5XB0): Versions prior to V4.4
  • SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AM00-0AB0): All versions
  • SIPLUS ET 200S IM 151-8F PN/DP CPU (6AG1151-8FB01-2AB0): All versions
  • SIPLUS NET PN/PN Coupler (6AG2158-3AD10-4XA0): All versions
  • SIMATIC S7-1200 CPU 1214FC DC/DC/DC (6ES7214-1AF40-0XB0): Versions prior to V4.4
  • SIPLUS S7-1200 CPU 1214 DC/DC/RLY (6AG1214-1HG40-2XB0): Versions prior to V4.4
  • SIMATIC S7-1200 CPU 1212C AC/DC/Rly (6ES7212-1BE40-0XB0): Versions prior to V4.4
  • SIMATIC ET 200S IM 151-8F PN/DP CPU (6ES7151-8FB01-0AB0): All versions
  • SIPLUS ET 200SP IM 155-6 PN ST BA TX RAIL (6AG2155-6AA00-4BN0): All versions
  • SIPLUS S7-1500 CPU 1511F-1 PN (6AG1511-1FK00-2AB0): All versions
  • SIMATIC ET 200S IM 151-3 PN HS (6ES7151-3BA60-0AB0): All versions
  • SIPLUS S7-1200 CPU 1214 DC/DC/DC (6AG1214-1AG40-2XB0): Versions prior to V4.4
  • SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK00-0AB0): All versions
  • SIPLUS ET 200S IM 151-8 PN/DP CPU (6AG1151-8AB01-7AB0): All versions
  • SIPLUS S7-1200 CPU 1215 DC/DC/DC (6AG1215-1AG40-4XB0): Versions prior to V4.4
  • SIMATIC ET 200MP IM 155-5 PN BA (6ES7155-5AA00-0AA0): All versions
  • SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FN00-0AB0): All versions
  • SIPLUS S7-1500 CPU 1511-1 PN (6AG1511-1AK00-2AB0): All versions
  • SIMATIC ET 200M IM 153-4 PN IO HF (6ES7153-4BA00-0XB0): All versions
  • SIMATIC S7-1200 CPU 1212FC DC/DC/Rly (6ES7212-1HF40-0XB0): Versions prior to V4.4
  • SIMATIC CFU PA (6ES7655-5PX11-1XX0): Versions prior to V2.0
  • SIMATIC ET 200S IM 151-3 PN HF (6ES7151-3BA23-0AB0): All versions
  • SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants): Versions prior to V8.3
  • SIPLUS S7-1200 CPU 1212C DC/DC/DC RAIL (6AG2212-1AE40-1XB0): Versions prior to V4.4
  • SIPLUS S7-1200 CPU 1215 DC/DC/RLY (6AG1215-1HG40-2XB0): Versions prior to V4.4
  • SIPLUS S7-1200 CPU 1212 AC/DC/RLY (6AG1212-1BE40-4XB0): Versions prior to V4.4
  • SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FM00-0AB0): All versions
  • SIWAREX WP231 (7MH4960-2AA01): All versions
  • SIMATIC S7-1200 CPU 1215C DC/DC/DC (6ES7215-1AG40-0XB0): Versions prior to V4.4
  • SIPLUS ET 200SP IM 155-6 PN HF T1 RAIL (6AG2155-6AU01-1CN0): All versions
  • SIMATIC CFU PA (6ES7655-5PX11-0XX0): Versions prior to V2.0.0
  • SIPLUS S7-1200 CPU 1215 AC/DC/RLY (6AG1215-1BG40-2XB0): Versions prior to V4.4
  • SIMATIC ET 200S IM 151-8 PN/DP CPU (6ES7151-8AB01-0AB0): All versions
  • SIPLUS ET 200SP IM 155-6 PN HF T1 RAIL (6AG2155-6AU00-1CN0): All versions
  • SIPLUS S7-1200 CPU 1214 DC/DC/DC (6AG1214-1AG40-5XB0): Versions prior to V4.4
  • SIPLUS S7-1200 CPU 1215 AC/DC/RLY (6AG1215-1BG40-5XB0): Versions prior to V4.4
  • SIMATIC S7-1200 CPU 1214C DC/DC/DC (6ES7214-1AG40-0XB0): Versions prior to V4.4
  • SIPLUS ET 200SP IM 155-6 PN HF (6AG1155-6AU00-4CN0): All versions
  • SIMATIC S7-1200 CPU 1212C DC/DC/DC (6ES7212-1AE40-0XB0): Versions prior to V4.4
  • SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants): All versions
  • SINUMERIK 840D sl: All versions
  • SIMATIC ET 200SP IM 155-6 PN/2 HF (6ES7155-6AU01-0CN0): All versions
  • SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FL00-0AB0): All versions
  • SIPLUS S7-1200 CPU 1212 DC/DC/RLY (6AG1212-1HE40-4XB0): Versions prior to V4.4
  • SIMOCODE pro V Ethernet/IP (incl. SIPLUS variants): All versions
  • SIMATIC S7-1200 CPU 1211C DC/DC/DC (6ES7211-1AE40-0XB0): Versions prior to V4.4
  • SIMATIC ET 200S IM 151-3 PN FO (6ES7151-3BB23-0AB0): All versions
  • SIPLUS S7-300 CPU 315-2 PN/DP (6AG1315-2EH14-7AB0): All versions
  • SIMATIC ET 200SP CPU 1512SP-1 PN (6ES7512-1DK00-0AB0): All versions
  • SIPLUS ET 200SP IM 155-6 PN HF (6AG1155-6AU00-2CN0): All versions
  • SIMATIC ET 200pro IM 154-8FX PN/DP CPU (6ES7154-8FX00-0AB0): All versions
  • SIPLUS S7-1200 CPU 1214 DC/DC/DC (6AG1214-1AG40-4XB0): Versions prior to V4.4
  • SIMATIC S7-1200 CPU 1214C DC/DC/Rly (6ES7214-1HG40-0XB0): Versions prior to V4.4
  • SIMATIC S7-300 CPU 317T-3 PN/DP (6ES7317-7TK10-0AB0): All versions
  • SIPLUS ET 200S IM151-3 PN ST (6AG1151-3AA23-2AB0): All versions
  • SIMATIC ET 200SP IM 155-6 PN BA (6ES7155-6AR00-0AN0): All versions
  • SIPLUS ET 200MP IM 155-5 PN HF T1 RAIL (6AG2155-5AA00-1AC0): All versions
  • SIPLUS ET 200SP IM 155-6 PN ST BA (6AG1155-6AA01-7BN0): All versions
  • SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AN00-0AB0): All versions
  • SIMATIC S7-1200 CPU 1215FC DC/DC/DC (6ES7215-1AF40-0XB0): Versions prior to V4.4
  • SIMATIC S7-300 CPU 317-2 PN/DP (6ES7317-2EK14-0AB0): All versions
  • SIMATIC S7-410 V10 CPU family (incl. SIPLUS variants): All versions
  • SIPLUS S7-1200 CPU 1215 DC/DC/RLY (6AG1215-1HG40-5XB0): Versions prior to V4.4
  • SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants): All versions
  • SIPLUS HCS4200 CIM4210C (6BK1942-1AA00-0AA1): All versions
  • SIPLUS ET 200SP IM 155-6 PN ST BA TX RAIL (6AG2155-6AA01-4BN0): All versions
  • SIMATIC ET 200SP IM 155-6 PN ST (6ES7155-6AU00-0BN0): All versions
  • SIPLUS ET 200MP IM 155-5 PN HF (6AG1155-5AA00-2AC0): All versions
  • SIPLUS S7-1200 CPU 1212C DC/DC/DC (6AG1212-1AE40-2XB0): Versions prior to V4.4
  • SIDOOR ATE530G COATED (6FB1221-5SM10-7BP0): All versions
  • SIMATIC ET 200SP IM 155-6 PN ST BA (6ES7155-6AA01-0BN0): All versions
  • SIPLUS ET 200MP IM 155-5 PN ST (6AG1155-5AA01-7AB0): All versions
  • SIPLUS S7-1200 CPU 1215 AC/DC/RLY (6AG1215-1BG40-4XB0): Versions prior to V4.4
  • SIPLUS S7-1200 CPU 1215FC DC/DC/DC (6AG1215-1AF40-5XB0): Versions prior to V4.4
  • SIMATIC S7-300 CPU 317TF-3 PN/DP (6ES7317-7UL10-0AB0): All versions
  • SIPLUS ET 200SP CPU 1512SP F-1 PN (6AG1512-1SK00-2AB0): All versions
  • SIPLUS HCS4200 CIM4210 (6BK1942-1AA00-0AA0): All versions
  • SIMATIC Power Line Booster PLB, Modem Module ST (6ES7972-5AA51-0AB0): All versions
  • SIMATIC ET 200SP CPU 1510SP F-1 PN (6ES7510-1SJ00-0AB0): All versions
  • SIPLUS ET 200SP IM 155-6 PN HF TX RAIL (6AG2155-6AU01-4CN0): All versions
  • SIMATIC ET 200S IM 151-3 PN ST (6ES7151-3AA23-0AB0): All versions
  • SIPLUS S7-1200 CPU 1214 DC/DC/RLY (6AG1214-1HG40-4XB0): Versions prior to V4.4
  • SIMATIC ET 200MP IM 155-5 PN ST (6ES7155-5AA00-0AB0): All versions
  • SIPLUS S7-1500 CPU 1516-3 PN/DP (6AG1516-3AN00-2AB0): All versions
  • SIMATIC S7-1200 CPU 1215FC DC/DC/Rly (6ES7215-1HF40-0XB0): Versions prior to V4.4
  • SIWAREX WP241 (7MH4960-4AA01): All versions
  • SIDOOR ATE530S COATED: All versions
  • SIWAREX WP521 ST (7MH4980-1AA01): All versions
  • SIPLUS S7-300 CPU 314C-2 PN/DP (6AG1314-6EH04-7AB0): All versions
  • SIMATIC S7-1200 CPU 1217C DC/DC/DC (6ES7217-1AG40-0XB0): Versions prior to V4.4
  • SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AL00-0AB0): All versions
  • SIMATIC Power Line Booster PLB, Base Module (6ES7972-5AA10-0AB0): All versions
  • SIMATIC S7-1200 CPU 1214FC DC/DC/Rly (6ES7214-1HF40-0XB0): Versions prior to V4.4
  • SIPLUS ET 200MP IM 155-5 PN HF (6AG1155-5AA00-7AC0): All versions
  • SIPLUS S7-1200 CPU 1214 AC/DC/RLY (6AG1214-1BG40-2XB0): Versions prior to V4.4
  • SIMATIC ET 200pro IM 154-3 PN HF (6ES7154-3AB00-0AB0): All versions
  • SIPLUS S7-300 CPU 317-2 PN/DP (6AG1317-2EK14-7AB0): All versions
  • SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FK00-0AB0): All versions
  • SIMATIC ET 200SP CPU 1510SP-1 PN (6ES7510-1DJ00-0AB0): All versions
  • SIWAREX WP522 ST (7MH4980-2AA01): All versions
  • SIMATIC S7-1200 CPU 1211C DC/DC/Rly (6ES7211-1HE40-0XB0): Versions prior to V4.4
  • SIPLUS S7-1200 CPU 1214FC DC/DC/DC (6AG1214-1AF40-5XB0): Versions prior to V4.4

3.2 VULNERABILITY OVERVIEW

3.2.1 UNCONTROLLED RESOURCE CONSUMPTION CWE-400

The integrated ICMP service of the network stack of affected devices can be forced to exhaust its available memory resources when receiving specially crafted messages targeting IP fragment re-assembly. This could allow an unauthenticated remote attacker to cause a temporary denial-of-service condition of the ICMP service, other communication services are not affected. Affected devices will resume normal operation after the attack terminates.

CVE-2024-23814 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been assigned; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

A CVSS v4 score has also been calculated for CVE-2024-23814. A base score of 6.9 has been calculated; the CVSS vector string is (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N).

3.3 BACKGROUND

  • CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing
  • COUNTRIES/AREAS DEPLOYED: Worldwide
  • COMPANY HEADQUARTERS LOCATION: Germany

3.4 RESEARCHER

Siemens reported this vulnerability to CISA.

4. MITIGATIONS

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

  • Implement packet filtering rules at network perimeter devices (firewalls, routers, IDS/IPS) to block ICMP messages with large payloads if viable in your environment
  • SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants): Disable the ethernet ports on the CPU and use a communication module (like CP) for communication instead
  • SIDOOR ATD430W, SIDOOR ATE530G COATED (6FB1221-5SM10-7BP0), SIDOOR ATE530S COATED, SIMATIC ET 200AL IM 157-1 PN (6ES7157-1AB00-0AB0), SIMATIC ET 200M IM 153-4 PN IO HF (6ES7153-4BA00-0XB0), SIMATIC ET 200M IM 153-4 PN IO ST (6ES7153-4AA01-0XB0), SIMATIC ET 200MP IM 155-5 PN BA (6ES7155-5AA00-0AA0), SIMATIC ET 200MP IM 155-5 PN HF (6ES7155-5AA00-0AC0), SIMATIC ET 200MP IM 155-5 PN ST (6ES7155-5AA00-0AB0), SIMATIC ET 200MP IM 155-5 PN ST (6ES7155-5AA01-0AB0), SIMATIC ET 200pro IM 154-3 PN HF (6ES7154-3AB00-0AB0), SIMATIC ET 200pro IM 154-4 PN HF (6ES7154-4AB10-0AB0), SIMATIC ET 200pro IM 154-8 PN/DP CPU (6ES7154-8AB01-0AB0), SIMATIC ET 200pro IM 154-8F PN/DP CPU (6ES7154-8FB01-0AB0), SIMATIC ET 200pro IM 154-8FX PN/DP CPU (6ES7154-8FX00-0AB0), SIMATIC ET 200S IM 151-3 PN FO (6ES7151-3BB23-0AB0), SIMATIC ET 200S IM 151-3 PN HF (6ES7151-3BA23-0AB0), SIMATIC ET 200S IM 151-3 PN HS (6ES7151-3BA60-0AB0), SIMATIC ET 200S IM 151-3 PN ST (6ES7151-3AA23-0AB0), SIMATIC ET 200S IM 151-8 PN/DP CPU (6ES7151-8AB01-0AB0), SIMATIC ET 200S IM 151-8F PN/DP CPU (6ES7151-8FB01-0AB0), SIMATIC ET 200SP CPU 1510SP F-1 PN (6ES7510-1SJ00-0AB0), SIMATIC ET 200SP CPU 1510SP-1 PN (6ES7510-1DJ00-0AB0), SIMATIC ET 200SP CPU 1512SP F-1 PN (6ES7512-1SK00-0AB0), SIMATIC ET 200SP CPU 1512SP-1 PN (6ES7512-1DK00-0AB0), SIMATIC ET 200SP IM 155-6 MF HF (6ES7155-6MU00-0CN0), SIMATIC ET 200SP IM 155-6 PN BA (6ES7155-6AR00-0AN0), SIMATIC ET 200SP IM 155-6 PN HF (6ES7155-6AU00-0CN0), SIMATIC ET 200SP IM 155-6 PN HS (6ES7155-6AU00-0DN0), SIMATIC ET 200SP IM 155-6 PN ST (6ES7155-6AU00-0BN0), SIMATIC ET 200SP IM 155-6 PN ST (6ES7155-6AU01-0BN0), SIMATIC ET 200SP IM 155-6 PN ST BA (6ES7155-6AA00-0BN0), SIMATIC ET 200SP IM 155-6 PN ST BA (6ES7155-6AA01-0BN0), SIMATIC ET 200SP IM 155-6 PN/2 HF (6ES7155-6AU01-0CN0), SIMATIC ET 200SP IM 155-6 PN/3 HF (6ES7155-6AU30-0CN0), SIMATIC Power Line Booster PLB, Base Module (6ES7972-5AA10-0AB0), SIMATIC Power Line Booster PLB, Modem Module ST (6ES7972-5AA51-0AB0), SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK00-0AB0), SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FK00-0AB0), SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AL00-0AB0), SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FL00-0AB0), SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AM00-0AB0), SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FM00-0AB0), SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AN00-0AB0), SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FN00-0AB0), SIMATIC S7-300 CPU 314C-2 PN/DP (6ES7314-6EH04-0AB0), SIMATIC S7-300 CPU 315-2 PN/DP (6ES7315-2EH14-0AB0), SIMATIC S7-300 CPU 315F-2 PN/DP (6ES7315-2FJ14-0AB0), SIMATIC S7-300 CPU 315T-3 PN/DP (6ES7315-7TJ10-0AB0), SIMATIC S7-300 CPU 317-2 PN/DP (6ES7317-2EK14-0AB0), SIMATIC S7-300 CPU 317F-2 PN/DP (6ES7317-2FK14-0AB0), SIMATIC S7-300 CPU 317T-3 PN/DP (6ES7317-7TK10-0AB0), SIMATIC S7-300 CPU 317TF-3 PN/DP (6ES7317-7UL10-0AB0), SIMATIC S7-300 CPU 319-3 PN/DP (6ES7318-3EL01-0AB0), SIMATIC S7-300 CPU 319F-3 PN/DP (6ES7318-3FL01-0AB0), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants), SIMATIC S7-410 V10 CPU family (incl. SIPLUS variants), SIMATIC TDC CP51M1, SIMATIC TDC CPU555, SINUMERIK 840D sl, SIPLUS ET 200M IM 153-4 PN IO HF (6AG1153-4BA00-7XB0), SIPLUS ET 200M IM 153-4 PN IO ST (6AG1153-4AA01-7XB0), SIPLUS ET 200MP IM 155-5 PN HF (6AG1155-5AA00-2AC0), SIPLUS ET 200MP IM 155-5 PN HF (6AG1155-5AA00-7AC0), SIPLUS ET 200MP IM 155-5 PN HF T1 RAIL (6AG2155-5AA00-1AC0), SIPLUS ET 200MP IM 155-5 PN ST (6AG1155-5AA00-7AB0), SIPLUS ET 200MP IM 155-5 PN ST (6AG1155-5AA01-7AB0), SIPLUS ET 200MP IM 155-5 PN ST TX RAIL (6AG2155-5AA00-4AB0), SIPLUS ET 200MP IM 155-5 PN ST TX RAIL (6AG2155-5AA01-4AB0), SIPLUS ET 200S IM151-3 PN HF (6AG1151-3BA23-7AB0), SIPLUS ET 200S IM151-3 PN ST (6AG1151-3AA23-2AB0), SIPLUS ET 200SP CPU 1512SP F-1 PN (6AG1512-1SK00-2AB0), SIPLUS ET 200SP IM 155-6 PN HF (6AG1155-6AU00-2CN0), SIPLUS ET 200SP IM 155-6 PN HF (6AG1155-6AU00-4CN0), SIPLUS ET 200SP IM 155-6 PN HF (6AG1155-6AU01-2CN0), SIPLUS ET 200SP IM 155-6 PN HF (6AG1155-6AU01-7CN0), SIPLUS ET 200SP IM 155-6 PN HF T1 RAIL (6AG2155-6AU00-1CN0), SIPLUS ET 200SP IM 155-6 PN HF T1 RAIL (6AG2155-6AU01-1CN0), SIPLUS ET 200SP IM 155-6 PN HF TX RAIL (6AG2155-6AU01-4CN0), SIPLUS ET 200SP IM 155-6 PN ST (6AG1155-6AU00-7BN0), SIPLUS ET 200SP IM 155-6 PN ST (6AG1155-6AU01-7BN0), SIPLUS ET 200SP IM 155-6 PN ST BA (6AG1155-6AA00-7BN0), SIPLUS ET 200SP IM 155-6 PN ST BA (6AG1155-6AA01-7BN0), SIPLUS ET 200SP IM 155-6 PN ST BA TX RAIL (6AG2155-6AA00-4BN0), SIPLUS ET 200SP IM 155-6 PN ST BA TX RAIL (6AG2155-6AA01-4BN0), SIPLUS ET 200SP IM 155-6 PN ST TX RAIL (6AG2155-6AU00-4BN0), SIPLUS ET 200SP IM 155-6 PN ST TX RAIL (6AG2155-6AU01-4BN0), SIPLUS HCS4200 CIM4210 (6BK1942-1AA00-0AA0), SIPLUS HCS4200 CIM4210C (6BK1942-1AA00-0AA1), SIPLUS HCS4300 CIM4310 (6BK1943-1AA00-0AA0), SIPLUS S7-1500 CPU 1511-1 PN (6AG1511-1AK00-2AB0), SIPLUS S7-1500 CPU 1511F-1 PN (6AG1511-1FK00-2AB0), SIPLUS S7-1500 CPU 1513-1 PN (6AG1513-1AL00-2AB0), SIPLUS S7-1500 CPU 1513F-1 PN (6AG1513-1FL00-2AB0), SIPLUS S7-1500 CPU 1516-3 PN/DP (6AG1516-3AN00-2AB0), SIPLUS S7-1500 CPU 1516-3 PN/DP (6AG1516-3AN00-7AB0), SIPLUS S7-1500 CPU 1516F-3 PN/DP (6AG1516-3FN00-2AB0), SIWAREX WP231 (7MH4960-2AA01), SIWAREX WP241 (7MH4960-4AA01), SIWAREX WP251 (7MH4960-6AA01), SIWAREX WP521 ST (7MH4980-1AA01), SIWAREX WP522 ST (7MH4980-2AA01): Currently no fix is planned
  • SIMATIC PN/PN Coupler (6ES7158-3AD10-0XA0), SIMOCODE pro V Ethernet/IP (incl. SIPLUS variants), SIMOCODE pro V PROFINET, SIPLUS ET 200S IM 151-8 PN/DP CPU (6AG1151-8AB01-7AB0), SIPLUS ET 200S IM 151-8F PN/DP CPU (6AG1151-8FB01-2AB0), SIPLUS NET PN/PN Coupler (6AG2158-3AD10-4XA0), SIPLUS S7-300 CPU 314C-2 PN/DP (6AG1314-6EH04-7AB0), SIPLUS S7-300 CPU 315-2 PN/DP (6AG1315-2EH14-7AB0), SIPLUS S7-300 CPU 315F-2 PN/DP (6AG1315-2FJ14-2AB0), SIPLUS S7-300 CPU 317-2 PN/DP (6AG1317-2EK14-7AB0), SIPLUS S7-300 CPU 317F-2 PN/DP (6AG1317-2FK14-2AB0): Currently no fix is available
  • SIMATIC ET 200SP IM 155-6 PN HA (incl. SIPLUS variants): Update to V1.3 or later version
  • SIMATIC CFU PA (6ES7655-5PX11-1XX0): Update to V2.0.0 or later version
  • SIMATIC CFU DIQ (6ES7655-5PX31-1XX0), SIMATIC CFU PA (6ES7655-5PX11-0XX0): Update to V2.0.0 or later version
  • SIPLUS S7-1200 CPU 1212 AC/DC/RLY (6AG1212-1BE40-2XB0), SIPLUS S7-1200 CPU 1212 AC/DC/RLY (6AG1212-1BE40-4XB0), SIPLUS S7-1200 CPU 1212 DC/DC/RLY (6AG1212-1HE40-2XB0), SIPLUS S7-1200 CPU 1212 DC/DC/RLY (6AG1212-1HE40-4XB0), SIPLUS S7-1200 CPU 1212C DC/DC/DC (6AG1212-1AE40-2XB0), SIPLUS S7-1200 CPU 1212C DC/DC/DC (6AG1212-1AE40-4XB0), SIPLUS S7-1200 CPU 1212C DC/DC/DC RAIL (6AG2212-1AE40-1XB0), SIPLUS S7-1200 CPU 1214 AC/DC/RLY (6AG1214-1BG40-2XB0), SIPLUS S7-1200 CPU 1214 AC/DC/RLY (6AG1214-1BG40-4XB0), SIPLUS S7-1200 CPU 1214 AC/DC/RLY (6AG1214-1BG40-5XB0), SIPLUS S7-1200 CPU 1214 DC/DC/DC (6AG1214-1AG40-2XB0), SIPLUS S7-1200 CPU 1214 DC/DC/DC (6AG1214-1AG40-4XB0), SIPLUS S7-1200 CPU 1214 DC/DC/DC (6AG1214-1AG40-5XB0), SIPLUS S7-1200 CPU 1214 DC/DC/RLY (6AG1214-1HG40-2XB0), SIPLUS S7-1200 CPU 1214 DC/DC/RLY (6AG1214-1HG40-4XB0), SIPLUS S7-1200 CPU 1214 DC/DC/RLY (6AG1214-1HG40-5XB0), SIPLUS S7-1200 CPU 1214C DC/DC/DC RAIL (6AG2214-1AG40-1XB0), SIPLUS S7-1200 CPU 1214FC DC/DC/DC (6AG1214-1AF40-5XB0), SIPLUS S7-1200 CPU 1214FC DC/DC/RLY (6AG1214-1HF40-5XB0), SIPLUS S7-1200 CPU 1215 AC/DC/RLY (6AG1215-1BG40-2XB0), SIPLUS S7-1200 CPU 1215 AC/DC/RLY (6AG1215-1BG40-4XB0), SIPLUS S7-1200 CPU 1215 AC/DC/RLY (6AG1215-1BG40-5XB0), SIPLUS S7-1200 CPU 1215 DC/DC/DC (6AG1215-1AG40-2XB0), SIPLUS S7-1200 CPU 1215 DC/DC/DC (6AG1215-1AG40-4XB0), SIPLUS S7-1200 CPU 1215 DC/DC/RLY (6AG1215-1HG40-2XB0), SIPLUS S7-1200 CPU 1215 DC/DC/RLY (6AG1215-1HG40-4XB0), SIPLUS S7-1200 CPU 1215 DC/DC/RLY (6AG1215-1HG40-5XB0), SIPLUS S7-1200 CPU 1215C DC/DC/DC (6AG1215-1AG40-5XB0), SIPLUS S7-1200 CPU 1215FC DC/DC/DC (6AG1215-1AF40-5XB0): Update to V4.4 or later version
  • SIMATIC S7-1200 CPU 1211C AC/DC/Rly (6ES7211-1BE40-0XB0), SIMATIC S7-1200 CPU 1211C DC/DC/DC (6ES7211-1AE40-0XB0), SIMATIC S7-1200 CPU 1211C DC/DC/Rly (6ES7211-1HE40-0XB0), SIMATIC S7-1200 CPU 1212C AC/DC/Rly (6ES7212-1BE40-0XB0), SIMATIC S7-1200 CPU 1212C DC/DC/DC (6ES7212-1AE40-0XB0), SIMATIC S7-1200 CPU 1212C DC/DC/Rly (6ES7212-1HE40-0XB0), SIMATIC S7-1200 CPU 1212FC DC/DC/DC (6ES7212-1AF40-0XB0), SIMATIC S7-1200 CPU 1212FC DC/DC/Rly (6ES7212-1HF40-0XB0), SIMATIC S7-1200 CPU 1214C AC/DC/Rly (6ES7214-1BG40-0XB0), SIMATIC S7-1200 CPU 1214C DC/DC/DC (6ES7214-1AG40-0XB0), SIMATIC S7-1200 CPU 1214C DC/DC/Rly (6ES7214-1HG40-0XB0), SIMATIC S7-1200 CPU 1214FC DC/DC/DC (6ES7214-1AF40-0XB0), SIMATIC S7-1200 CPU 1214FC DC/DC/Rly (6ES7214-1HF40-0XB0), SIMATIC S7-1200 CPU 1215C AC/DC/Rly (6ES7215-1BG40-0XB0), SIMATIC S7-1200 CPU 1215C DC/DC/DC (6ES7215-1AG40-0XB0), SIMATIC S7-1200 CPU 1215C DC/DC/Rly (6ES7215-1HG40-0XB0), SIMATIC S7-1200 CPU 1215FC DC/DC/DC (6ES7215-1AF40-0XB0), SIMATIC S7-1200 CPU 1215FC DC/DC/Rly (6ES7215-1HF40-0XB0), SIMATIC S7-1200 CPU 1217C DC/DC/DC (6ES7217-1AG40-0XB0): Update to V4.4 or later version
  • SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants): Update to V8.3 or later version

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for industrial security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage

For more information see the associated Siemens security advisory SSA-725549 in HTML and CSAF.

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:

  • Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.
  • Locate control system networks and remote devices behind firewalls and isolating them from business networks.
  • When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs). Recognize VPNs may have vulnerabilities, should be updated to the most recent version available, and are only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

CISA also recommends users take the following measures to protect themselves from social engineering attacks:

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.

5. UPDATE HISTORY

  • April 15, 2025: Initial Republication of Siemen's Advisory SSA-725549