Vulnetix
Try Vulnetix Request Demo
ICSA-25-352-05 PUBLISHED CVSS 7.5 HIGH

Multiple Industrial products are affected by a vulnerability in the Interniche IP-Stack. The affected products do not properly enforce TCP sequence number validation in specific scenarios but accept values within a broad range. This could allow an unauthenticated remote attacker e.g. to interfere with connection setup, potentially leading to a denial of service. The attack succeeds only if an attacker can inject IP packets with spoofed addresses at precisely timed moments, and it affects only TCP-based services. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.

Risk Scores

CVSS v3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

VendorProductVersions
SIMATIC ET 200clean, CM 8x IO-Link (6ES7148-7JH00-0BB0)
SIMATIC ET 200eco PN, CM 4x IO-Link, M12-L (6ES7148-6JE00-0BB0)
SIMATIC ET 200eco PN, CM 8x IO-Link, M12-L (6ES7148-6JJ00-0BB0)
SIMATIC CFU DIQ (6ES7655-5PX31-1XX0)
SIMATIC ET 200eco PN, CM 8x IO-Link, M12-L (6ES7148-6JG00-0BB0)
SIMATIC ET 200eco PN, DIQ 16x24VDC/2A, M12-L (6ES7143-6BH00-0BB0)
SIDOOR ATD430W
SIDOOR ATE530S COATED
SIMATIC ET 200eco PN, DQ 8x24VDC/0,5A, M12-L (6ES7142-6BG00-0BB0)
SIMATIC ET 200eco PN, DI 16x24VDC, M12-L (6ES7141-6BH00-0BB0)
SIMATIC CFU PA (6ES7655-5PX11-0XX0)
SIMATIC ET 200MP IM 155-5 PN HF (6ES7155-5AA00-0AC0)
SIMATIC ET 200clean, DIQ 16x24VDC/0,5A (6ES7143-7BH00-0BB0)
SIMATIC ET 200eco PN, AI 8xRTD/TC, M12-L (6ES7144-6JF00-0BB0)
SIMATIC ET 200eco PN, DQ 8x24VDC/2A, M12-L (6ES7142-6BR00-0BB0)
SIMATIC ET 200clean, DI 16x24VDC (6ES7141-7BH00-0BB0)
SIMATIC ET 200AL IM 157-1 PN (6ES7157-1AB00-0AB0)
SIDOOR ATE530G COATED (6FB1221-5SM10-7BP0)
SIMATIC ET 200eco PN, DI 8x24VDC, M12-L (6ES7141-6BG00-0BB0)
SIMATIC CFU PA (6ES7655-5PX11-1XX0)

Timeline

References

Open in Interactive Console →