VDB
CVE-2025-24510
CVE-2025-24510
PUBLISHED
CVSS 6.5 MEDIUM
A vulnerability has been identified in MS/TP Point Pickup Module (All versions). Affected devices improperly handle specific incoming BACnet MSTP messages. This could allow an attacker residing in the same BACnet network to send a specially crafted MSTP message that results in a denial of service condition of the targeted device. A power cycle is required to restore the device's normal operation.
EPSS 0.13% · 32.3th percentile
Risk Scores
CVSS 3.1
6.5
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
0.13%
32.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | MS/TP Point Pickup Module | 0 |
Exploit Intelligence
- CIRCL seen: CVE-2025-24510 (circl-sighting)
- https://cert-portal.siemens.com/productcert/html/ssa-668154.html (circl)
Timeline
- May 13, 2025 EPSS Score
- May 13, 2025 Coalition ESS Score
- May 13, 2025 CVE Published
- May 15, 2025 PoC Published
- May 24, 2025 EPSS Score
- Jun 5, 2025 EPSS Score
- Jun 16, 2025 EPSS Score
- Jun 28, 2025 EPSS Score
- Jul 9, 2025 EPSS Score
- Jul 21, 2025 EPSS Score
- Aug 1, 2025 EPSS Score
- Aug 13, 2025 EPSS Score