VDB
SSA-725549
SSA-725549
PUBLISHED
CVSS 5.300000190734863 MEDIUM
The integrated ICMP service of the network stack of affected devices can be forced to exhaust its available memory resources when receiving specially crafted messages targeting IP fragment re-assembly. This could allow an unauthenticated remote attacker to cause a temporary denial of service condition of the ICMP service, other communication services are not affected. Affected devices will resume normal operation after the attack terminates.
Risk Scores
CVSS 3.1
5.300000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | SIMATIC ET 200pro IM 154-8FX PN/DP CPU (6ES7154-8FX00-0AB0) | |
| Siemens | SIMATIC S7-1200 CPU 1211C AC/DC/Rly (6ES7211-1BE40-0XB0) | |
| Siemens | SIMATIC ET 200SP IM 155-6 MF HF (6ES7155-6MU00-0CN0) | |
| Siemens | SIMATIC ET 200S IM 151-3 PN HF (6ES7151-3BA23-0AB0) | |
| Siemens | SIPLUS S7-300 CPU 317F-2 PN/DP (6AG1317-2FK14-2AB0) | |
| Siemens | SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AN00-0AB0) | |
| Siemens | SIMATIC S7-1200 CPU 1214C AC/DC/Rly (6ES7214-1BG40-0XB0) | |
| Siemens | SIPLUS S7-1200 CPU 1215 DC/DC/RLY (6AG1215-1HG40-5XB0) | |
| Siemens | SIPLUS S7-1200 CPU 1214C DC/DC/DC RAIL (6AG2214-1AG40-1XB0) | |
| Siemens | SIPLUS S7-1200 CPU 1214 DC/DC/RLY (6AG1214-1HG40-5XB0) | |
| Siemens | SIMATIC ET 200pro IM 154-3 PN HF (6ES7154-3AB00-0AB0) | |
| Siemens | SIMATIC ET 200pro IM 154-4 PN HF (6ES7154-4AB10-0AB0) | |
| Siemens | SIMATIC S7-1200 CPU 1211C DC/DC/Rly (6ES7211-1HE40-0XB0) | |
| Siemens | SIMATIC ET 200SP CPU 1510SP F-1 PN (6ES7510-1SJ00-0AB0) | |
| Siemens | SIPLUS ET 200M IM 153-4 PN IO HF (6AG1153-4BA00-7XB0) | |
| Siemens | SIMATIC S7-300 CPU 319F-3 PN/DP (6ES7318-3FL01-0AB0) | |
| Siemens | SIPLUS ET 200SP IM 155-6 PN ST BA (6AG1155-6AA01-7BN0) | |
| Siemens | SIPLUS S7-1200 CPU 1214 DC/DC/DC (6AG1214-1AG40-4XB0) | |
| Siemens | SIPLUS ET 200SP IM 155-6 PN HF T1 RAIL (6AG2155-6AU01-1CN0) | |
| Siemens | SIMATIC S7-300 CPU 315T-3 PN/DP (6ES7315-7TJ10-0AB0) |
…and 147 more
Timeline
- Apr 8, 2025 CVE Published
- Jul 21, 2025 CVE Updated
References
- https://cert-portal.siemens.com/productcert/csaf/ssa-725549.json advisory
- https://cert-portal.siemens.com/productcert/html/ssa-725549.html advisory
- https://support.industry.siemens.com/cs/ww/en/view/109773044/ patch
- https://support.industry.siemens.com/cs/ww/en/view/109754628/ patch
- https://support.industry.siemens.com/cs/ww/en/view/109781049/ patch
- https://support.industry.siemens.com/cs/ww/en/view/109771672/ patch
- https://support.industry.siemens.com/cs/ww/en/view/109760973/ patch
- https://support.industry.siemens.com/cs/ww/en/view/109476571/ patch