CVE-2026-21947
SIMATIC CN 4100 contains multiple vulnerabilities that could lead to a compromise of availability, integrity and confidentiality. Siemens has released a new version of SIMATIC CN 4100 and recommends updating to the latest version.
The following versions of Siemens SIMATIC are affected: SIMATIC CN 4100 vers:intdot/
CVSS: v3 9.6
Vendor: Siemens
Equipment: Siemens SIMATIC
Vulnerabilities
- NULL Pointer Dereference
- Reachable Assertion
- Use After Free
- Out-of-bounds Write
- Integer Overflow or Wraparound
- Allocation of Resources Without Limits or Throttling
- Out-of-bounds Read
- Covert Timing Channel
- Stack-based Buffer Overflow
- Inefficient Algorithmic Complexity
- Missing Release of Memory after Effective Lifetime
- Improper Restriction of Operations within the Bounds of a Memory Buffer
- Improper Input Validation
- Improper Locking
- Uncontrolled Recursion
- Buffer Access with Incorrect Length Value
- Race Condition within a Thread
- Missing Synchronization
- Use of Uninitialized Resource
- Double Free
- Missing Release of Resource after Effective Lifetime
- Loop with Unreachable Exit Condition ('Infinite Loop')
- Improper Update of Reference Count
- Improper Control of a Resource Through its Lifetime
- Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
- Unexpected Status Code or Return Value
- Divide By Zero
- Improper Validation of Specified Index, Position, or Offset in Input
- Comparison Using Wrong Factors
- Observable Timing Discrepancy
- Improper Validation of Syntactic Correctness of Input
- Deadlock
- Signal Handler Race Condition
- Improper Following of Specification by Caller
- Improper Check for Dropped Privileges
- Transmission of Private Resources into a New Sphere ('Resource Leak')
- Improper Resource Shutdown or Release
- Improper Access Control
- Exposure of Sensitive Information to an Unauthorized Actor
- Relative Path Traversal
- Improper Neutralization of Escape, Meta, or Control Sequences
- Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')
- Uncontrolled Resource Consumption
- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
- Missing Authentication for Critical Function
- Improper Check for Unusual or Exceptional Conditions
Background
- Critical Infrastructure Sectors: Critical Manufacturing
- Countries/Areas Deployed: Worldwide
- Company Headquarters Location: Germany
EPSS 0.07% · 20.2th percentile
Risk Scores
Timeline
- Jan 20, 2026 CVE Published
- Jan 21, 2026 EPSS Score
- Jan 24, 2026 EPSS Score
- Jan 26, 2026 EPSS Score
- Jan 29, 2026 EPSS Score
- Jan 30, 2026 CVE Updated
- Feb 1, 2026 EPSS Score
- Feb 3, 2026 EPSS Score
- Feb 6, 2026 EPSS Score
- Feb 9, 2026 EPSS Score
- Feb 12, 2026 EPSS Score
- Feb 14, 2026 EPSS Score
References
- https://www.cisa.gov/news-events/ics-advisories/icsa-26-134-10 advisory
- https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-134-10.json advisory
- https://www.cve.org/CVERecord?id=CVE-2024-47704 technical
- https://support.industry.siemens.com/cs/ww/en/view/109814144/ vendor
- https://cwe.mitre.org/data/definitions/476.html technical
- https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H technical
- https://www.cve.org/CVERecord?id=CVE-2024-57924 technical
- https://cwe.mitre.org/data/definitions/617.html technical
- https://www.cve.org/CVERecord?id=CVE-2024-58240 technical
- https://cwe.mitre.org/data/definitions/416.html technical
- https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L technical
- https://www.cve.org/CVERecord?id=CVE-2025-6021 technical
- https://cwe.mitre.org/data/definitions/787.html technical
- https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H technical
- https://www.cve.org/CVERecord?id=CVE-2025-6052 technical
- https://cwe.mitre.org/data/definitions/190.html technical
- https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L technical
- https://www.cve.org/CVERecord?id=CVE-2025-7425 technical
- https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H technical
- https://www.cve.org/CVERecord?id=CVE-2025-8916 technical
…and 241 more