CVE-2025-24510 — Vulnetix

Try Vulnetix Request Demo

CVE-2025-24510 PUBLISHED CVSS 6.5 MEDIUM

A vulnerability has been identified in MS/TP Point Pickup Module (All versions). Affected devices improperly handle specific incoming BACnet MSTP messages. This could allow an attacker residing in the same BACnet network to send a specially crafted MSTP message that results in a denial of service condition of the targeted device. A power cycle is required to restore the device's normal operation.

EPSS 0.13% · 32.7th percentile

Risk Scores

CVSS v3.1

6.5

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Score

0.13%

32.7th percentile

Affected Products

Vendor	Product	Versions
Siemens	MS/TP Point Pickup Module	0

Timeline

May 13, 2025 EPSS Score
May 13, 2025 Coalition ESS Score
May 13, 2025 CVE Published
May 15, 2025 PoC Published
May 24, 2025 EPSS Score
Jun 4, 2025 EPSS Score
Jun 15, 2025 EPSS Score
Jun 26, 2025 EPSS Score
Jul 6, 2025 EPSS Score
Jul 17, 2025 EPSS Score
Jul 28, 2025 EPSS Score
Aug 8, 2025 EPSS Score

References

Open in Interactive Console →