{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited. (TLPv2: TLP:CLEAR)",
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "SIMATIC S7-PLCSIM Advanced contains a vulnerability that could allow an attacker to cause a denial of service condition.\n\nSiemens is preparing fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.",
        "title": "Summary"
      },
      {
        "category": "general",
        "text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
        "title": "General Recommendations"
      },
      {
        "category": "general",
        "text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "productcert@siemens.com",
      "name": "Siemens ProductCERT",
      "namespace": "https://www.siemens.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "SSA-828211: Denial of Service Vulnerability in SIMATIC S7-PLCSIM Advanced - HTML Version",
        "url": "https://cert-portal.siemens.com/productcert/html/ssa-828211.html"
      },
      {
        "category": "self",
        "summary": "SSA-828211: Denial of Service Vulnerability in SIMATIC S7-PLCSIM Advanced - CSAF Version",
        "url": "https://cert-portal.siemens.com/productcert/csaf/ssa-828211.json"
      }
    ],
    "title": "SSA-828211: Denial of Service Vulnerability in SIMATIC S7-PLCSIM Advanced",
    "tracking": {
      "current_release_date": "2026-07-14T00:00:00.000Z",
      "generator": {
        "engine": {
          "name": "Siemens ProductCERT CSAF Generator",
          "version": "1"
        }
      },
      "id": "SSA-828211",
      "initial_release_date": "2026-07-14T00:00:00.000Z",
      "revision_history": [
        {
          "date": "2026-07-14T00:00:00.000Z",
          "legacy_version": "1.0",
          "number": "1",
          "summary": "Publication Date"
        }
      ],
      "status": "interim",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SIMATIC S7-PLCSIM Advanced",
                  "product_id": "1"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-PLCSIM Advanced"
          }
        ],
        "category": "vendor",
        "name": "Siemens"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-54429",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "notes": [
        {
          "category": "description",
          "text": "Affected devices do not properly handle high-volume multicast network traffic, which can exhaust available memory resources in the affected application. This could allow an unauthenticated attacker on the local network segment to cause a denial-of-service condition of the affected application. The affected application becomes inaccessible and requires a manual restart; no project data is lost. Successful exploitation requires a specific project configuration to be already active on the targeted instance.",
          "title": "CVE Description"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Disable the S7-PLCSIM Virtual Switch binding on the network adapter used by the affected instance. This prevents the adapter from entering an external communication mode and removes the attack vector entirely. (see SIMATIC S7-PLCSIM Advanced Function Manual V8.0, 11/2025 Section 5.3 and Section 6.1.2.3; and SIMATIC S7-PLCSIM Advanced Function Manual API V8.0, 11/2025 Section 7.2)",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Restrict multicast traffic on the network segment hosting the SIMATIC S7-PLCSIM Advanced host.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Use 'Softbus' / 'PLCSIM' network mode. This mode does not accept any packets from the network. This mode is a default network mode. (see SIMATIC S7-PLCSIM Advanced Function Manual V8.0, 11/2025 Section 5.0 and Section 5.1; and SIMATIC S7-PLCSIM Advanced Function Manual API V8.0, 11/2025 Section 7.2)",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2026-54429"
    }
  ]
}