SSA-915282
Multiple Industrial products are affected by a vulnerability in the Interniche IP-Stack. The affected products do not properly enforce TCP sequence number validation in specific scenarios but accept values within a broad range. This could allow an unauthenticated remote attacker e.g. to interfere with connection setup, potentially leading to a denial of service. The attack succeeds only if an attacker can inject IP packets with spoofed addresses at precisely timed moments, and it affects only TCP-based services. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| SIMATIC ET 200eco PN, DI 16x24VDC, M12-L (6ES7141-6BH00-0BB0) | ||
| SIMATIC CFU PA (6ES7655-5PX11-1XX0) | ||
| SIMATIC ET 200eco PN, AI 8xRTD/TC, M12-L (6ES7144-6JF00-0BB0) | ||
| SIMATIC ET 200eco PN, DI 8x24VDC, M12-L (6ES7141-6BG00-0BB0) | ||
| SIDOOR ATD430W | ||
| SIMATIC ET 200clean, CM 8x IO-Link (6ES7148-7JH00-0BB0) | ||
| SIMATIC ET 200clean, DI 16x24VDC (6ES7141-7BH00-0BB0) | ||
| SIMATIC ET 200AL IM 157-1 PN (6ES7157-1AB00-0AB0) | ||
| SIMATIC ET 200eco PN, CM 4x IO-Link, M12-L (6ES7148-6JE00-0BB0) | ||
| SIDOOR ATE530G COATED (6FB1221-5SM10-7BP0) | ||
| SIMATIC ET 200eco PN, CM 8x IO-Link, M12-L (6ES7148-6JJ00-0BB0) | ||
| SIMATIC ET 200eco PN, DIQ 16x24VDC/2A, M12-L (6ES7143-6BH00-0BB0) | ||
| SIMATIC ET 200eco PN, CM 8x IO-Link, M12-L (6ES7148-6JG00-0BB0) | ||
| SIMATIC ET 200MP IM 155-5 PN HF (6ES7155-5AA00-0AC0) | ||
| SIMATIC CFU DIQ (6ES7655-5PX31-1XX0) | ||
| SIDOOR ATE530S COATED | ||
| SIMATIC CFU PA (6ES7655-5PX11-0XX0) | ||
| SIMATIC ET 200clean, DIQ 16x24VDC/0,5A (6ES7143-7BH00-0BB0) | ||
| SIMATIC ET 200eco PN, DQ 8x24VDC/0,5A, M12-L (6ES7142-6BG00-0BB0) | ||
| SIMATIC ET 200eco PN, DQ 8x24VDC/2A, M12-L (6ES7142-6BR00-0BB0) |
Exploit Intelligence
- https://cert-portal.siemens.com/productcert/html/ssa-915282.html (circl)
- https://cert-portal.siemens.com/productcert/csaf/ssa-915282.json (circl)
- https://support.industry.siemens.com/cs/ww/en/view/109773044/ (circl)
- https://support.industry.siemens.com/cs/ww/en/view/109781049/ (circl)
- https://support.industry.siemens.com/cs/ww/en/view/109754628/ (circl)
- https://support.industry.siemens.com/cs/ww/en/view/107539610/ (circl)
- https://support.industry.siemens.com/cs/ww/en/view/109760973/ (circl)
- https://support.industry.siemens.com/cs/ww/en/view/109476571/ (circl)
Timeline
- Dec 9, 2025 CVE Published
References
- https://cert-portal.siemens.com/productcert/html/ssa-915282.html advisory
- https://cert-portal.siemens.com/productcert/csaf/ssa-915282.json advisory
- https://support.industry.siemens.com/cs/ww/en/view/109773044/ fix
- https://support.industry.siemens.com/cs/ww/en/view/109781049/ fix
- https://support.industry.siemens.com/cs/ww/en/view/109754628/ fix
- https://support.industry.siemens.com/cs/ww/en/view/107539610/ fix
- https://support.industry.siemens.com/cs/ww/en/view/109760973/ fix
- https://support.industry.siemens.com/cs/ww/en/view/109476571/ fix