SSA-725549

Siemens Security Advisory by Siemens ProductCERT

SSA-725549: Denial of Service of ICMP in Industrial Devices

Publication Date:	2025-04-08
Last Update:	2025-07-21
Current Version:	V1.3
CVSS v3.1 Base Score:	5.3
CVSS v4.0 Base Score:	6.9

SUMMARY

A vulnerability exists in affected products that could allow remote attackers to affect the availability of the devices under certain conditions.

The integrated ICMP services in the underlying TCP/IP stack is vulnerable to a denial of service attack through specially crafted ICMP packets. A successful attack will impact the availability of ICMP services on affected products for a limited time before it restores itself after the attack ceases. Other communication services are not affected by this vulnerability.

Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.

KNOWN AFFECTED PRODUCTS

Un-/Collapse All

Affected Product and Versions	Remediation
SIDOOR ATD430W All versions affected by CVE-2024-23814	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIDOOR ATE530G COATED (6FB1221-5SM10-7BP0) All versions affected by CVE-2024-23814	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIDOOR ATE530S COATED All versions affected by CVE-2024-23814	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIMATIC CFU DIQ (6ES7655-5PX31-1XX0) All versions < V2.0.0 affected by CVE-2024-23814	Update to V2.0.0 or later version https://support.industry.siemens.com/cs/ww/en/view/109781049/ See further recommendations from section Workarounds and Mitigations
SIMATIC CFU PA (6ES7655-5PX11-0XX0) All versions < V2.0.0 affected by CVE-2024-23814	Update to V2.0.0 or later version https://support.industry.siemens.com/cs/ww/en/view/109754628/ See further recommendations from section Workarounds and Mitigations
SIMATIC CFU PA (6ES7655-5PX11-1XX0) All versions < V2.0 affected by CVE-2024-23814	Update to V2.0 or later version https://support.industry.siemens.com/cs/ww/en/view/109754628/ See further recommendations from section Workarounds and Mitigations
SIMATIC ET 200AL IM 157-1 PN (6ES7157-1AB00-0AB0) All versions affected by CVE-2024-23814	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIMATIC ET 200M IM 153-4 PN IO HF (incl. SIPLUS variants)	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIMATIC ET 200M IM 153-4 PN IO HF (6ES7153-4BA00-0XB0) All versions affected by CVE-2024-23814	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIPLUS ET 200M IM 153-4 PN IO HF (6AG1153-4BA00-7XB0) All versions affected by CVE-2024-23814	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIMATIC ET 200M IM 153-4 PN IO ST (incl. SIPLUS variants)	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIMATIC ET 200M IM 153-4 PN IO ST (6ES7153-4AA01-0XB0) All versions affected by CVE-2024-23814	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIPLUS ET 200M IM 153-4 PN IO ST (6AG1153-4AA01-7XB0) All versions affected by CVE-2024-23814	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIMATIC ET 200MP IM 155-5 PN BA (6ES7155-5AA00-0AA0) All versions affected by CVE-2024-23814	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIMATIC ET 200MP IM 155-5 PN HF (incl. SIPLUS variants)	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIMATIC ET 200MP IM 155-5 PN HF (6ES7155-5AA00-0AC0) All versions affected by CVE-2024-23814	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIPLUS ET 200MP IM 155-5 PN HF (6AG1155-5AA00-2AC0) All versions affected by CVE-2024-23814	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIPLUS ET 200MP IM 155-5 PN HF (6AG1155-5AA00-7AC0) All versions affected by CVE-2024-23814	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIPLUS ET 200MP IM 155-5 PN HF T1 RAIL (6AG2155-5AA00-1AC0) All versions affected by CVE-2024-23814	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIMATIC ET 200MP IM 155-5 PN ST (incl. SIPLUS variants)	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIMATIC ET 200MP IM 155-5 PN ST (-Ax00) (incl. SIPLUS variants)	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIMATIC ET 200MP IM 155-5 PN ST (6ES7155-5AA00-0AB0) All versions affected by CVE-2024-23814	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIPLUS ET 200MP IM 155-5 PN ST (6AG1155-5AA00-7AB0) All versions affected by CVE-2024-23814	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIPLUS ET 200MP IM 155-5 PN ST TX RAIL (6AG2155-5AA00-4AB0) All versions affected by CVE-2024-23814	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIMATIC ET 200MP IM 155-5 PN ST (-Ax01) (incl. SIPLUS variants)	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIMATIC ET 200MP IM 155-5 PN ST (6ES7155-5AA01-0AB0) All versions affected by CVE-2024-23814	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIPLUS ET 200MP IM 155-5 PN ST (6AG1155-5AA01-7AB0) All versions affected by CVE-2024-23814	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIPLUS ET 200MP IM 155-5 PN ST TX RAIL (6AG2155-5AA01-4AB0) All versions affected by CVE-2024-23814	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIMATIC ET 200pro IM 154-3 PN HF (6ES7154-3AB00-0AB0) All versions affected by CVE-2024-23814	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIMATIC ET 200pro IM 154-4 PN HF (6ES7154-4AB10-0AB0) All versions affected by CVE-2024-23814	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIMATIC ET 200S IM 151-3 PN FO (6ES7151-3BB23-0AB0) All versions affected by CVE-2024-23814	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIMATIC ET 200S IM 151-3 PN HF (incl. SIPLUS variants)	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIMATIC ET 200S IM 151-3 PN HF (6ES7151-3BA23-0AB0) All versions affected by CVE-2024-23814	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIPLUS ET 200S IM151-3 PN HF (6AG1151-3BA23-7AB0) All versions affected by CVE-2024-23814	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIMATIC ET 200S IM 151-3 PN HS (6ES7151-3BA60-0AB0) All versions affected by CVE-2024-23814	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIMATIC ET 200S IM 151-3 PN ST (incl. SIPLUS variants)	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIMATIC ET 200S IM 151-3 PN ST (6ES7151-3AA23-0AB0) All versions affected by CVE-2024-23814	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIPLUS ET 200S IM151-3 PN ST (6AG1151-3AA23-2AB0) All versions affected by CVE-2024-23814	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIMATIC ET 200SP IM 155-6 MF HF (6ES7155-6MU00-0CN0) All versions affected by CVE-2024-23814	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIMATIC ET 200SP IM 155-6 PN BA (6ES7155-6AR00-0AN0) All versions affected by CVE-2024-23814	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIMATIC ET 200SP IM 155-6 PN HA (incl. SIPLUS variants) All versions < V1.3 affected by CVE-2024-23814	Update to V1.3 or later version See further recommendations from section Workarounds and Mitigations
SIMATIC ET 200SP IM 155-6 PN HF (incl. SIPLUS variants)	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIMATIC ET 200SP IM 155-6 PN HF (6ES7155-6AU00-0CN0) All versions affected by CVE-2024-23814	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIPLUS ET 200SP IM 155-6 PN HF (6AG1155-6AU00-2CN0) All versions affected by CVE-2024-23814	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIPLUS ET 200SP IM 155-6 PN HF (6AG1155-6AU00-4CN0) All versions affected by CVE-2024-23814	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIPLUS ET 200SP IM 155-6 PN HF T1 RAIL (6AG2155-6AU00-1CN0) All versions affected by CVE-2024-23814	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIMATIC ET 200SP IM 155-6 PN HS (6ES7155-6AU00-0DN0) All versions affected by CVE-2024-23814	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIMATIC ET 200SP IM 155-6 PN ST (incl. SIPLUS variants)	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIMATIC ET 200SP IM 155-6 PN ST (-Ax00) (incl. SIPLUS variants)	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIMATIC ET 200SP IM 155-6 PN ST (6ES7155-6AU00-0BN0) All versions affected by CVE-2024-23814	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIMATIC ET 200SP IM 155-6 PN ST BA (6ES7155-6AA00-0BN0) All versions affected by CVE-2024-23814	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIPLUS ET 200SP IM 155-6 PN ST (6AG1155-6AU00-7BN0) All versions affected by CVE-2024-23814	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIPLUS ET 200SP IM 155-6 PN ST BA (6AG1155-6AA00-7BN0) All versions affected by CVE-2024-23814	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIPLUS ET 200SP IM 155-6 PN ST BA TX RAIL (6AG2155-6AA00-4BN0) All versions affected by CVE-2024-23814	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIPLUS ET 200SP IM 155-6 PN ST TX RAIL (6AG2155-6AU00-4BN0) All versions affected by CVE-2024-23814	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIMATIC ET 200SP IM 155-6 PN ST (-Ax01) (incl. SIPLUS variants)	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIMATIC ET 200SP IM 155-6 PN ST (6ES7155-6AU01-0BN0) All versions affected by CVE-2024-23814	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIMATIC ET 200SP IM 155-6 PN ST BA (6ES7155-6AA01-0BN0) All versions affected by CVE-2024-23814	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIPLUS ET 200SP IM 155-6 PN ST (6AG1155-6AU01-7BN0) All versions affected by CVE-2024-23814	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIPLUS ET 200SP IM 155-6 PN ST BA (6AG1155-6AA01-7BN0) All versions affected by CVE-2024-23814	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIPLUS ET 200SP IM 155-6 PN ST BA TX RAIL (6AG2155-6AA01-4BN0) All versions affected by CVE-2024-23814	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIPLUS ET 200SP IM 155-6 PN ST TX RAIL (6AG2155-6AU01-4BN0) All versions affected by CVE-2024-23814	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIMATIC ET 200SP IM 155-6 PN/2 HF (incl. SIPLUS variants)	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIMATIC ET 200SP IM 155-6 PN/2 HF (6ES7155-6AU01-0CN0) All versions affected by CVE-2024-23814	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIPLUS ET 200SP IM 155-6 PN HF (6AG1155-6AU01-2CN0) All versions affected by CVE-2024-23814	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIPLUS ET 200SP IM 155-6 PN HF (6AG1155-6AU01-7CN0) All versions affected by CVE-2024-23814	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIPLUS ET 200SP IM 155-6 PN HF T1 RAIL (6AG2155-6AU01-1CN0) All versions affected by CVE-2024-23814	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIPLUS ET 200SP IM 155-6 PN HF TX RAIL (6AG2155-6AU01-4CN0) All versions affected by CVE-2024-23814	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIMATIC ET 200SP IM 155-6 PN/3 HF (6ES7155-6AU30-0CN0) All versions affected by CVE-2024-23814	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIMATIC PN/PN Coupler (6ES7158-3AD10-0XA0) All versions < V6.0.0 affected by CVE-2024-23814	Update to V6.0.0 or later version https://support.industry.siemens.com/cs/ww/en/view/109760973/ See further recommendations from section Workarounds and Mitigations
SIMATIC Power Line Booster PLB, Base Module (6ES7972-5AA10-0AB0) All versions affected by CVE-2024-23814	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIMATIC Power Line Booster PLB, Modem Module ST (6ES7972-5AA51-0AB0) All versions affected by CVE-2024-23814	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIMATIC S7-300 CPU family (incl. related ET 200 CPUs and SIPLUS variants)	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIMATIC ET 200pro IM 154-8 PN/DP CPU (6ES7154-8AB01-0AB0) All versions affected by CVE-2024-23814	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIMATIC ET 200pro IM 154-8F PN/DP CPU (6ES7154-8FB01-0AB0) All versions affected by CVE-2024-23814	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIMATIC ET 200pro IM 154-8FX PN/DP CPU (6ES7154-8FX00-0AB0) All versions affected by CVE-2024-23814	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIMATIC ET 200S IM 151-8 PN/DP CPU (6ES7151-8AB01-0AB0) All versions affected by CVE-2024-23814	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIMATIC ET 200S IM 151-8F PN/DP CPU (6ES7151-8FB01-0AB0) All versions affected by CVE-2024-23814	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIMATIC S7-300 CPU 314C-2 PN/DP (6ES7314-6EH04-0AB0) All versions affected by CVE-2024-23814	Currently no fix is planned As a mitigation, disable the ethernet ports on the CPU and use a communication module (like CP) for communication instead See further recommendations from section Workarounds and Mitigations
SIMATIC S7-300 CPU 315-2 PN/DP (6ES7315-2EH14-0AB0) All versions affected by CVE-2024-23814	Currently no fix is planned As a mitigation, disable the ethernet ports on the CPU and use a communication module (like CP) for communication instead See further recommendations from section Workarounds and Mitigations
SIMATIC S7-300 CPU 315F-2 PN/DP (6ES7315-2FJ14-0AB0) All versions affected by CVE-2024-23814	Currently no fix is planned As a mitigation, disable the ethernet ports on the CPU and use a communication module (like CP) for communication instead See further recommendations from section Workarounds and Mitigations
SIMATIC S7-300 CPU 315T-3 PN/DP (6ES7315-7TJ10-0AB0) All versions affected by CVE-2024-23814	Currently no fix is planned As a mitigation, disable the ethernet ports on the CPU and use a communication module (like CP) for communication instead See further recommendations from section Workarounds and Mitigations
SIMATIC S7-300 CPU 317-2 PN/DP (6ES7317-2EK14-0AB0) All versions affected by CVE-2024-23814	Currently no fix is planned As a mitigation, disable the ethernet ports on the CPU and use a communication module (like CP) for communication instead See further recommendations from section Workarounds and Mitigations
SIMATIC S7-300 CPU 317F-2 PN/DP (6ES7317-2FK14-0AB0) All versions affected by CVE-2024-23814	Currently no fix is planned As a mitigation, disable the ethernet ports on the CPU and use a communication module (like CP) for communication instead See further recommendations from section Workarounds and Mitigations
SIMATIC S7-300 CPU 317T-3 PN/DP (6ES7317-7TK10-0AB0) All versions affected by CVE-2024-23814	Currently no fix is planned As a mitigation, disable the ethernet ports on the CPU and use a communication module (like CP) for communication instead See further recommendations from section Workarounds and Mitigations
SIMATIC S7-300 CPU 317TF-3 PN/DP (6ES7317-7UL10-0AB0) All versions affected by CVE-2024-23814	Currently no fix is planned As a mitigation, disable the ethernet ports on the CPU and use a communication module (like CP) for communication instead See further recommendations from section Workarounds and Mitigations
SIMATIC S7-300 CPU 319-3 PN/DP (6ES7318-3EL01-0AB0) All versions affected by CVE-2024-23814	Currently no fix is planned As a mitigation, disable the ethernet ports on the CPU and use a communication module (like CP) for communication instead See further recommendations from section Workarounds and Mitigations
SIMATIC S7-300 CPU 319F-3 PN/DP (6ES7318-3FL01-0AB0) All versions affected by CVE-2024-23814	Currently no fix is planned As a mitigation, disable the ethernet ports on the CPU and use a communication module (like CP) for communication instead See further recommendations from section Workarounds and Mitigations
SIPLUS ET 200S IM 151-8 PN/DP CPU (6AG1151-8AB01-7AB0) All versions affected by CVE-2024-23814	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIPLUS ET 200S IM 151-8F PN/DP CPU (6AG1151-8FB01-2AB0) All versions affected by CVE-2024-23814	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIPLUS S7-300 CPU 314C-2 PN/DP (6AG1314-6EH04-7AB0) All versions affected by CVE-2024-23814	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIPLUS S7-300 CPU 315-2 PN/DP (6AG1315-2EH14-7AB0) All versions affected by CVE-2024-23814	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIPLUS S7-300 CPU 315F-2 PN/DP (6AG1315-2FJ14-2AB0) All versions affected by CVE-2024-23814	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIPLUS S7-300 CPU 317-2 PN/DP (6AG1317-2EK14-7AB0) All versions affected by CVE-2024-23814	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIPLUS S7-300 CPU 317F-2 PN/DP (6AG1317-2FK14-2AB0) All versions affected by CVE-2024-23814	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) All versions affected by CVE-2024-23814	Currently no fix is planned As a mitigation, disable the ethernet ports on the CPU and use a communication module (like CP) for communication instead See further recommendations from section Workarounds and Mitigations
SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) All versions affected by CVE-2024-23814	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants) All versions < V8.3 affected by CVE-2024-23814	Update to V8.3 or later version https://support.industry.siemens.com/cs/ww/en/view/109476571/ As a mitigation, disable the ethernet ports on the CPU and use a communication module (like CP) for communication instead See further recommendations from section Workarounds and Mitigations
SIMATIC S7-410 V10 CPU family (incl. SIPLUS variants) All versions < V10.2 affected by CVE-2024-23814	Update to V10.2 or later version https://support.industry.siemens.com/cs/ww/en/view/109773044/ As a mitigation, disable the ethernet ports on the CPU and use a communication module (like CP) for communication instead See further recommendations from section Workarounds and Mitigations
SIMATIC S7-1200 CPU family V4 (incl. SIPLUS variants)	Update to V4.4 or later version https://support.industry.siemens.com/cs/ww/en/view/109771672/ See recommendations from section Workarounds and Mitigations
SIMATIC S7-1200 CPU 1211C AC/DC/Rly (6ES7211-1BE40-0XB0) All versions < V4.4 affected by CVE-2024-23814	Update to V4.4 or later version https://support.industry.siemens.com/cs/ww/en/view/109771672/ See further recommendations from section Workarounds and Mitigations
SIMATIC S7-1200 CPU 1211C DC/DC/DC (6ES7211-1AE40-0XB0) All versions < V4.4 affected by CVE-2024-23814	Update to V4.4 or later version https://support.industry.siemens.com/cs/ww/en/view/109771672/ See further recommendations from section Workarounds and Mitigations
SIMATIC S7-1200 CPU 1211C DC/DC/Rly (6ES7211-1HE40-0XB0) All versions < V4.4 affected by CVE-2024-23814	Update to V4.4 or later version https://support.industry.siemens.com/cs/ww/en/view/109771672/ See further recommendations from section Workarounds and Mitigations
SIMATIC S7-1200 CPU 1212C AC/DC/Rly (6ES7212-1BE40-0XB0) All versions < V4.4 affected by CVE-2024-23814	Update to V4.4 or later version https://support.industry.siemens.com/cs/ww/en/view/109771672/ See further recommendations from section Workarounds and Mitigations
SIMATIC S7-1200 CPU 1212C DC/DC/DC (6ES7212-1AE40-0XB0) All versions < V4.4 affected by CVE-2024-23814	Update to V4.4 or later version https://support.industry.siemens.com/cs/ww/en/view/109771672/ See further recommendations from section Workarounds and Mitigations
SIMATIC S7-1200 CPU 1212C DC/DC/Rly (6ES7212-1HE40-0XB0) All versions < V4.4 affected by CVE-2024-23814	Update to V4.4 or later version https://support.industry.siemens.com/cs/ww/en/view/109771672/ See further recommendations from section Workarounds and Mitigations
SIMATIC S7-1200 CPU 1212FC DC/DC/DC (6ES7212-1AF40-0XB0) All versions < V4.4 affected by CVE-2024-23814	Update to V4.4 or later version https://support.industry.siemens.com/cs/ww/en/view/109771672/ See further recommendations from section Workarounds and Mitigations
SIMATIC S7-1200 CPU 1212FC DC/DC/Rly (6ES7212-1HF40-0XB0) All versions < V4.4 affected by CVE-2024-23814	Update to V4.4 or later version https://support.industry.siemens.com/cs/ww/en/view/109771672/ See further recommendations from section Workarounds and Mitigations
SIMATIC S7-1200 CPU 1214C AC/DC/Rly (6ES7214-1BG40-0XB0) All versions < V4.4 affected by CVE-2024-23814	Update to V4.4 or later version https://support.industry.siemens.com/cs/ww/en/view/109771672/ See further recommendations from section Workarounds and Mitigations
SIMATIC S7-1200 CPU 1214C DC/DC/DC (6ES7214-1AG40-0XB0) All versions < V4.4 affected by CVE-2024-23814	Update to V4.4 or later version https://support.industry.siemens.com/cs/ww/en/view/109771672/ See further recommendations from section Workarounds and Mitigations
SIMATIC S7-1200 CPU 1214C DC/DC/Rly (6ES7214-1HG40-0XB0) All versions < V4.4 affected by CVE-2024-23814	Update to V4.4 or later version https://support.industry.siemens.com/cs/ww/en/view/109771672/ See further recommendations from section Workarounds and Mitigations
SIMATIC S7-1200 CPU 1214FC DC/DC/DC (6ES7214-1AF40-0XB0) All versions < V4.4 affected by CVE-2024-23814	Update to V4.4 or later version https://support.industry.siemens.com/cs/ww/en/view/109771672/ See further recommendations from section Workarounds and Mitigations
SIMATIC S7-1200 CPU 1214FC DC/DC/Rly (6ES7214-1HF40-0XB0) All versions < V4.4 affected by CVE-2024-23814	Update to V4.4 or later version https://support.industry.siemens.com/cs/ww/en/view/109771672/ See further recommendations from section Workarounds and Mitigations
SIMATIC S7-1200 CPU 1215C AC/DC/Rly (6ES7215-1BG40-0XB0) All versions < V4.4 affected by CVE-2024-23814	Update to V4.4 or later version https://support.industry.siemens.com/cs/ww/en/view/109771672/ See further recommendations from section Workarounds and Mitigations
SIMATIC S7-1200 CPU 1215C DC/DC/DC (6ES7215-1AG40-0XB0) All versions < V4.4 affected by CVE-2024-23814	Update to V4.4 or later version https://support.industry.siemens.com/cs/ww/en/view/109771672/ See further recommendations from section Workarounds and Mitigations
SIMATIC S7-1200 CPU 1215C DC/DC/Rly (6ES7215-1HG40-0XB0) All versions < V4.4 affected by CVE-2024-23814	Update to V4.4 or later version https://support.industry.siemens.com/cs/ww/en/view/109771672/ See further recommendations from section Workarounds and Mitigations
SIMATIC S7-1200 CPU 1215FC DC/DC/DC (6ES7215-1AF40-0XB0) All versions < V4.4 affected by CVE-2024-23814	Update to V4.4 or later version https://support.industry.siemens.com/cs/ww/en/view/109771672/ See further recommendations from section Workarounds and Mitigations
SIMATIC S7-1200 CPU 1215FC DC/DC/Rly (6ES7215-1HF40-0XB0) All versions < V4.4 affected by CVE-2024-23814	Update to V4.4 or later version https://support.industry.siemens.com/cs/ww/en/view/109771672/ See further recommendations from section Workarounds and Mitigations
SIMATIC S7-1200 CPU 1217C DC/DC/DC (6ES7217-1AG40-0XB0) All versions < V4.4 affected by CVE-2024-23814	Update to V4.4 or later version https://support.industry.siemens.com/cs/ww/en/view/109771672/ See further recommendations from section Workarounds and Mitigations
SIPLUS S7-1200 CPU 1212 AC/DC/RLY (6AG1212-1BE40-2XB0) All versions < V4.4 affected by CVE-2024-23814	Update to V4.4 or later version https://support.industry.siemens.com/cs/ww/en/view/109771672/ See further recommendations from section Workarounds and Mitigations
SIPLUS S7-1200 CPU 1212 AC/DC/RLY (6AG1212-1BE40-4XB0) All versions < V4.4 affected by CVE-2024-23814	Update to V4.4 or later version https://support.industry.siemens.com/cs/ww/en/view/109771672/ See further recommendations from section Workarounds and Mitigations
SIPLUS S7-1200 CPU 1212 DC/DC/RLY (6AG1212-1HE40-2XB0) All versions < V4.4 affected by CVE-2024-23814	Update to V4.4 or later version https://support.industry.siemens.com/cs/ww/en/view/109771672/ See further recommendations from section Workarounds and Mitigations
SIPLUS S7-1200 CPU 1212 DC/DC/RLY (6AG1212-1HE40-4XB0) All versions < V4.4 affected by CVE-2024-23814	Update to V4.4 or later version https://support.industry.siemens.com/cs/ww/en/view/109771672/ See further recommendations from section Workarounds and Mitigations
SIPLUS S7-1200 CPU 1212C DC/DC/DC (6AG1212-1AE40-2XB0) All versions < V4.4 affected by CVE-2024-23814	Update to V4.4 or later version https://support.industry.siemens.com/cs/ww/en/view/109771672/ See further recommendations from section Workarounds and Mitigations
SIPLUS S7-1200 CPU 1212C DC/DC/DC (6AG1212-1AE40-4XB0) All versions < V4.4 affected by CVE-2024-23814	Update to V4.4 or later version https://support.industry.siemens.com/cs/ww/en/view/109771672/ See further recommendations from section Workarounds and Mitigations
SIPLUS S7-1200 CPU 1212C DC/DC/DC RAIL (6AG2212-1AE40-1XB0) All versions < V4.4 affected by CVE-2024-23814	Update to V4.4 or later version https://support.industry.siemens.com/cs/ww/en/view/109771672/ See further recommendations from section Workarounds and Mitigations
SIPLUS S7-1200 CPU 1214 AC/DC/RLY (6AG1214-1BG40-2XB0) All versions < V4.4 affected by CVE-2024-23814	Update to V4.4 or later version https://support.industry.siemens.com/cs/ww/en/view/109771672/ See further recommendations from section Workarounds and Mitigations
SIPLUS S7-1200 CPU 1214 AC/DC/RLY (6AG1214-1BG40-4XB0) All versions < V4.4 affected by CVE-2024-23814	Update to V4.4 or later version https://support.industry.siemens.com/cs/ww/en/view/109771672/ See further recommendations from section Workarounds and Mitigations
SIPLUS S7-1200 CPU 1214 AC/DC/RLY (6AG1214-1BG40-5XB0) All versions < V4.4 affected by CVE-2024-23814	Update to V4.4 or later version https://support.industry.siemens.com/cs/ww/en/view/109771672/ See further recommendations from section Workarounds and Mitigations
SIPLUS S7-1200 CPU 1214 DC/DC/DC (6AG1214-1AG40-2XB0) All versions < V4.4 affected by CVE-2024-23814	Update to V4.4 or later version https://support.industry.siemens.com/cs/ww/en/view/109771672/ See further recommendations from section Workarounds and Mitigations
SIPLUS S7-1200 CPU 1214 DC/DC/DC (6AG1214-1AG40-4XB0) All versions < V4.4 affected by CVE-2024-23814	Update to V4.4 or later version https://support.industry.siemens.com/cs/ww/en/view/109771672/ See further recommendations from section Workarounds and Mitigations
SIPLUS S7-1200 CPU 1214 DC/DC/DC (6AG1214-1AG40-5XB0) All versions < V4.4 affected by CVE-2024-23814	Update to V4.4 or later version https://support.industry.siemens.com/cs/ww/en/view/109771672/ See further recommendations from section Workarounds and Mitigations
SIPLUS S7-1200 CPU 1214 DC/DC/RLY (6AG1214-1HG40-2XB0) All versions < V4.4 affected by CVE-2024-23814	Update to V4.4 or later version https://support.industry.siemens.com/cs/ww/en/view/109771672/ See further recommendations from section Workarounds and Mitigations
SIPLUS S7-1200 CPU 1214 DC/DC/RLY (6AG1214-1HG40-4XB0) All versions < V4.4 affected by CVE-2024-23814	Update to V4.4 or later version https://support.industry.siemens.com/cs/ww/en/view/109771672/ See further recommendations from section Workarounds and Mitigations
SIPLUS S7-1200 CPU 1214 DC/DC/RLY (6AG1214-1HG40-5XB0) All versions < V4.4 affected by CVE-2024-23814	Update to V4.4 or later version https://support.industry.siemens.com/cs/ww/en/view/109771672/ See further recommendations from section Workarounds and Mitigations
SIPLUS S7-1200 CPU 1214C DC/DC/DC RAIL (6AG2214-1AG40-1XB0) All versions < V4.4 affected by CVE-2024-23814	Update to V4.4 or later version https://support.industry.siemens.com/cs/ww/en/view/109771672/ See further recommendations from section Workarounds and Mitigations
SIPLUS S7-1200 CPU 1214FC DC/DC/DC (6AG1214-1AF40-5XB0) All versions < V4.4 affected by CVE-2024-23814	Update to V4.4 or later version https://support.industry.siemens.com/cs/ww/en/view/109771672/ See further recommendations from section Workarounds and Mitigations
SIPLUS S7-1200 CPU 1214FC DC/DC/RLY (6AG1214-1HF40-5XB0) All versions < V4.4 affected by CVE-2024-23814	Update to V4.4 or later version https://support.industry.siemens.com/cs/ww/en/view/109771672/ See further recommendations from section Workarounds and Mitigations
SIPLUS S7-1200 CPU 1215 AC/DC/RLY (6AG1215-1BG40-2XB0) All versions < V4.4 affected by CVE-2024-23814	Update to V4.4 or later version https://support.industry.siemens.com/cs/ww/en/view/109771672/ See further recommendations from section Workarounds and Mitigations
SIPLUS S7-1200 CPU 1215 AC/DC/RLY (6AG1215-1BG40-4XB0) All versions < V4.4 affected by CVE-2024-23814	Update to V4.4 or later version https://support.industry.siemens.com/cs/ww/en/view/109771672/ See further recommendations from section Workarounds and Mitigations
SIPLUS S7-1200 CPU 1215 AC/DC/RLY (6AG1215-1BG40-5XB0) All versions < V4.4 affected by CVE-2024-23814	Update to V4.4 or later version https://support.industry.siemens.com/cs/ww/en/view/109771672/ See further recommendations from section Workarounds and Mitigations
SIPLUS S7-1200 CPU 1215 DC/DC/DC (6AG1215-1AG40-2XB0) All versions < V4.4 affected by CVE-2024-23814	Update to V4.4 or later version https://support.industry.siemens.com/cs/ww/en/view/109771672/ See further recommendations from section Workarounds and Mitigations
SIPLUS S7-1200 CPU 1215 DC/DC/DC (6AG1215-1AG40-4XB0) All versions < V4.4 affected by CVE-2024-23814	Update to V4.4 or later version https://support.industry.siemens.com/cs/ww/en/view/109771672/ See further recommendations from section Workarounds and Mitigations
SIPLUS S7-1200 CPU 1215 DC/DC/RLY (6AG1215-1HG40-2XB0) All versions < V4.4 affected by CVE-2024-23814	Update to V4.4 or later version https://support.industry.siemens.com/cs/ww/en/view/109771672/ See further recommendations from section Workarounds and Mitigations
SIPLUS S7-1200 CPU 1215 DC/DC/RLY (6AG1215-1HG40-4XB0) All versions < V4.4 affected by CVE-2024-23814	Update to V4.4 or later version https://support.industry.siemens.com/cs/ww/en/view/109771672/ See further recommendations from section Workarounds and Mitigations
SIPLUS S7-1200 CPU 1215 DC/DC/RLY (6AG1215-1HG40-5XB0) All versions < V4.4 affected by CVE-2024-23814	Update to V4.4 or later version https://support.industry.siemens.com/cs/ww/en/view/109771672/ See further recommendations from section Workarounds and Mitigations
SIPLUS S7-1200 CPU 1215C DC/DC/DC (6AG1215-1AG40-5XB0) All versions < V4.4 affected by CVE-2024-23814	Update to V4.4 or later version https://support.industry.siemens.com/cs/ww/en/view/109771672/ See further recommendations from section Workarounds and Mitigations
SIPLUS S7-1200 CPU 1215FC DC/DC/DC (6AG1215-1AF40-5XB0) All versions < V4.4 affected by CVE-2024-23814	Update to V4.4 or later version https://support.industry.siemens.com/cs/ww/en/view/109771672/ See further recommendations from section Workarounds and Mitigations
SIMATIC S7-1500 CPU family (incl. related ET 200 CPUs and SIPLUS variants)	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIMATIC ET 200SP CPU 1510SP F-1 PN (6ES7510-1SJ00-0AB0) All versions affected by CVE-2024-23814	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIMATIC ET 200SP CPU 1510SP-1 PN (6ES7510-1DJ00-0AB0) All versions affected by CVE-2024-23814	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIMATIC ET 200SP CPU 1512SP F-1 PN (6ES7512-1SK00-0AB0) All versions affected by CVE-2024-23814	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIMATIC ET 200SP CPU 1512SP-1 PN (6ES7512-1DK00-0AB0) All versions affected by CVE-2024-23814	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK00-0AB0) All versions affected by CVE-2024-23814	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FK00-0AB0) All versions affected by CVE-2024-23814	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AL00-0AB0) All versions affected by CVE-2024-23814	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FL00-0AB0) All versions affected by CVE-2024-23814	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AM00-0AB0) All versions affected by CVE-2024-23814	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FM00-0AB0) All versions affected by CVE-2024-23814	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AN00-0AB0) All versions affected by CVE-2024-23814	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FN00-0AB0) All versions affected by CVE-2024-23814	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIPLUS ET 200SP CPU 1512SP F-1 PN (6AG1512-1SK00-2AB0) All versions affected by CVE-2024-23814	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIPLUS S7-1500 CPU 1511-1 PN (6AG1511-1AK00-2AB0) All versions affected by CVE-2024-23814	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIPLUS S7-1500 CPU 1511F-1 PN (6AG1511-1FK00-2AB0) All versions affected by CVE-2024-23814	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIPLUS S7-1500 CPU 1513-1 PN (6AG1513-1AL00-2AB0) All versions affected by CVE-2024-23814	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIPLUS S7-1500 CPU 1513F-1 PN (6AG1513-1FL00-2AB0) All versions affected by CVE-2024-23814	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIPLUS S7-1500 CPU 1516-3 PN/DP (6AG1516-3AN00-2AB0) All versions affected by CVE-2024-23814	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIPLUS S7-1500 CPU 1516-3 PN/DP (6AG1516-3AN00-7AB0) All versions affected by CVE-2024-23814	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIPLUS S7-1500 CPU 1516F-3 PN/DP (6AG1516-3FN00-2AB0) All versions affected by CVE-2024-23814	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIMATIC TDC	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIMATIC TDC CP51M1 All versions affected by CVE-2024-23814	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIMATIC TDC CPU555 All versions affected by CVE-2024-23814	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIMOCODE pro V Ethernet/IP (incl. SIPLUS variants) All versions affected by CVE-2024-23814	Currently no fix is available See recommendations from section Workarounds and Mitigations
SIMOCODE pro V PROFINET All versions affected by CVE-2024-23814	Currently no fix is available See recommendations from section Workarounds and Mitigations
SINUMERIK 840D sl All versions affected by CVE-2024-23814	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIPLUS HCS4200 CIM4210 (6BK1942-1AA00-0AA0) All versions affected by CVE-2024-23814	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIPLUS HCS4200 CIM4210C (6BK1942-1AA00-0AA1) All versions affected by CVE-2024-23814	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIPLUS HCS4300 CIM4310 (6BK1943-1AA00-0AA0) All versions affected by CVE-2024-23814	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIPLUS NET PN/PN Coupler (6AG2158-3AD10-4XA0) All versions < V6.0.0 affected by CVE-2024-23814	Update to V6.0.0 or later version https://support.industry.siemens.com/cs/ww/en/view/109760973/ See further recommendations from section Workarounds and Mitigations
SIWAREX WP231 (7MH4960-2AA01) All versions affected by CVE-2024-23814	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIWAREX WP241 (7MH4960-4AA01) All versions affected by CVE-2024-23814	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIWAREX WP251 (7MH4960-6AA01) All versions affected by CVE-2024-23814	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIWAREX WP521 ST (7MH4980-1AA01) All versions affected by CVE-2024-23814	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIWAREX WP522 ST (7MH4980-2AA01) All versions affected by CVE-2024-23814	Currently no fix is planned See recommendations from section Workarounds and Mitigations

WORKAROUNDS AND MITIGATIONS

Siemens has identified the following specific workarounds and mitigations that customers can apply to reduce the risk:

Implement packet filtering rules at network perimeter devices (firewalls, routers, IDS/IPS) to block ICMP messages with large payloads if viable in your environment

Product-specific remediations or mitigations can be found in the section Affected Products and Solution.
Please follow the General Security Recommendations.

GENERAL SECURITY RECOMMENDATIONS

As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity

PRODUCT DESCRIPTION

PN/PN coupler is used for connecting two PROFINET networks.

SIDOOR is an automatic door management system that offers diverse application options and benefits in elevator, industrial and railway applications.

SIMATIC ET 200 Interface modules for PROFINET IO are used to connect field devices (IO Devices) to controllers (IO Controller) via PROFINET.

SIMATIC Power Line Booster is a communication system for data transmission on conductive media.

SIMATIC S7-1200 CPU products have been designed for discrete and continuous control in industrial environments such as manufacturing, food and beverages, and chemical industries worldwide.

SIMATIC S7-1500 CPU products have been designed for discrete and continuous control in industrial environments such as manufacturing, food and beverages, and chemical industries worldwide.

SIMATIC S7-300 controllers have been designed for discrete and continuous control in industrial environments such as manufacturing, food and beverages, and chemical industries worldwide.

SIMATIC S7-400 controllers have been designed for discrete and continuous control in industrial environments such as manufacturing, food and beverages, and chemical industries worldwide.

SIMOCODE pro is a modular motor management system that combines all required protection, monitoring, safety and control functions for motor feeders.

SINUMERIK CNC offers automation solutions for the shop floor, job shops and large serial production environments.

SIPLUS extreme products are designed for reliable operation under extreme conditions and are based on SIMATIC, LOGO!, SITOP, SINAMICS, SIMOTION, SCALANCE or other devices. SIPLUS devices use the same firmware as the product they are based on.

SIPLUS HCS 4x00 heating control system is used to control and switch heaters in industry control und operation e.g. quartz, ceramic, flash, halogen or infrared heaters.

SIWAREX provides a comprehensive range of weighing electronics for hopper-, platform-, batching-, bagging-, as well as solids flowmeters and belt scales applications

VULNERABILITY DESCRIPTION

Un-/Collapse All

This chapter describes all vulnerabilities (CVE-IDs) addressed in this security advisory. Wherever applicable, it also documents the product-specific impact of the individual vulnerabilities.

Vulnerability CVE-2024-23814

The integrated ICMP service of the network stack of affected devices can be forced to exhaust its available memory resources when receiving specially crafted messages targeting IP fragment re-assembly. This could allow an unauthenticated remote attacker to cause a temporary denial of service condition of the ICMP service, other communication services are not affected. Affected devices will resume normal operation after the attack terminates.

CVSS v3.1 Base Score	5.3
CVSS v3.1 Vector	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
CVSS v4.0 Base Score	6.9
CVSS v4.0 Vector	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
CWE	CWE-400: Uncontrolled Resource Consumption

ADDITIONAL INFORMATION

Please note that SIMATIC S7-1500 CPU family (incl. related ET 200 CPUs and SIPLUS variants) firmware version line V2, V3 and V4 are not affected by CVE-2024-23814 and only the firmware version line V1 is.

For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories

HISTORY DATA

V1.0 (2025-04-08):	Publication Date
V1.1 (2025-07-08):	Added fix for SIMATIC PN/PN Coupler (6ES7158-3AD10-0XA0), SIPLUS NET PN/PN Coupler (6AG2158-3AD10-4XA0) and SIMATIC S7-410 V10 CPU family (incl. SIPLUS variants)
V1.2 (2025-07-10):	Clarified fix version for SIMATIC PN/PN Coupler (6ES7158-3AD10-0XA0) and SIPLUS NET PN/PN Coupler (6AG2158-3AD10-4XA0): V6.0.0 or later version
V1.3 (2025-07-21):	Clarified that currently no fix is planned for SIPLUS S7-300 CPU devices

The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.