ICSA-25-352-05 — Vulnetix

ICSA-25-352-05 PUBLISHED CVSS 7.5 HIGH

Multiple Industrial products are affected by a vulnerability in the Interniche IP-Stack. The affected products do not properly enforce TCP sequence number validation in specific scenarios but accept values within a broad range. This could allow an unauthenticated remote attacker e.g. to interfere with connection setup, potentially leading to a denial of service. The attack succeeds only if an attacker can inject IP packets with spoofed addresses at precisely timed moments, and it affects only TCP-based services. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.

Risk Scores

CVSS 3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

Vendor	Product	Versions
	SIMATIC ET 200clean, CM 8x IO-Link (6ES7148-7JH00-0BB0)
	SIMATIC ET 200eco PN, CM 4x IO-Link, M12-L (6ES7148-6JE00-0BB0)
	SIMATIC ET 200eco PN, CM 8x IO-Link, M12-L (6ES7148-6JJ00-0BB0)
	SIMATIC CFU DIQ (6ES7655-5PX31-1XX0)
	SIMATIC ET 200eco PN, CM 8x IO-Link, M12-L (6ES7148-6JG00-0BB0)
	SIMATIC ET 200eco PN, DIQ 16x24VDC/2A, M12-L (6ES7143-6BH00-0BB0)
	SIDOOR ATD430W
	SIDOOR ATE530S COATED
	SIMATIC ET 200eco PN, DQ 8x24VDC/0,5A, M12-L (6ES7142-6BG00-0BB0)
	SIMATIC ET 200eco PN, DI 16x24VDC, M12-L (6ES7141-6BH00-0BB0)
	SIMATIC CFU PA (6ES7655-5PX11-0XX0)
	SIMATIC ET 200MP IM 155-5 PN HF (6ES7155-5AA00-0AC0)
	SIMATIC ET 200clean, DIQ 16x24VDC/0,5A (6ES7143-7BH00-0BB0)
	SIMATIC ET 200eco PN, AI 8xRTD/TC, M12-L (6ES7144-6JF00-0BB0)
	SIMATIC ET 200eco PN, DQ 8x24VDC/2A, M12-L (6ES7142-6BR00-0BB0)
	SIMATIC ET 200clean, DI 16x24VDC (6ES7141-7BH00-0BB0)
	SIMATIC ET 200AL IM 157-1 PN (6ES7157-1AB00-0AB0)
	SIDOOR ATE530G COATED (6FB1221-5SM10-7BP0)
	SIMATIC ET 200eco PN, DI 8x24VDC, M12-L (6ES7141-6BG00-0BB0)
	SIMATIC CFU PA (6ES7655-5PX11-1XX0)

Exploit Intelligence

…and 6 more exploits

Timeline

Dec 9, 2025 CVE Published
Dec 18, 2025 CVE Updated

References

Open in Interactive Console →