Siemens SIMATIC S7-1200 CPU Family

Plan Patch | CVSS 7.5 | ICS-CERT ICSA-25-044-01 | Feb 11, 2025
Siemens | Transportation
Attack path
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

SIMATIC S7-1200 CPU family firmware versions before V4.7 contain two denial of service vulnerabilities (CWE-404, CWE-1286). An attacker can send malformed network packets that cause the CPU to crash or become unresponsive, disrupting all automated control logic. The vulnerabilities require only network-layer access with no credentials. Siemens has released firmware version 4.7 and later as fixes for all affected CPU variants (1211C, 1212C, 1212FC, 1214C, 1214FC, 1215C, 1215FC, 1217C and their SIPLUS equivalents).

What this means
What could happen
An attacker with network access can send specially crafted packets to cause a denial of service, forcing the PLC to stop responding and halting any automated process it controls until the device is manually restarted.
Who's at risk
Transportation operators and any facility running SIMATIC S7-1200 PLCs (versions before 4.7) for process automation, including water treatment plants, traffic signal control systems, and rail automation. This affects both standard SIMATIC and SIPLUS (extended-temperature) variants across CPU models 1211C through 1217C.
How it could be exploited
An attacker on the network (or Internet, if the device is exposed) sends malformed network packets to the S7-1200 CPU. The device processes these invalid packets without proper validation, causing the CPU to become unresponsive. This stops all control logic and process automation managed by the PLC.
Prerequisites
  • Network access to the S7-1200 CPU (TCP/IP connectivity on Ethernet port)
  • No credentials or authentication required
  • Remotely exploitable
  • No authentication required
  • Low complexity attack
  • Affects availability of critical control systems
  • Widespread deployment in transportation and infrastructure
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (34)
34 with fix
Product | Affected Versions | Fix Status
SIMATIC S7-1200 CPU 1211C AC/DC/Rly | <V4.7 | 4.7
SIMATIC S7-1200 CPU 1211C DC/DC/DC | <V4.7 | 4.7
SIMATIC S7-1200 CPU 1211C DC/DC/Rly | <V4.7 | 4.7
SIMATIC S7-1200 CPU 1212C AC/DC/Rly | <V4.7 | 4.7
SIMATIC S7-1200 CPU 1212C DC/DC/DC | <V4.7 | 4.7
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to S7-1200 devices using a firewall; only allow connections from trusted engineering workstations and SCADA servers
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update SIMATIC S7-1200 CPU firmware to version 4.7 or later
Long-term hardening
HARDENING: Isolate S7-1200 PLCs from the corporate IT network and Internet; place them on a separate, protected OT network
HARDENING: If remote access is required, route connections through a VPN; verify VPN firmware is current
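
One way to triage an asset inventory against the affected-version rule in this advisory (an added example, not Siemens or OTPulse code). The CSV layout, asset names and status labels are constructed assumptions; the model list and the V4.7 threshold come from the advisory text.

```python
import csv
import io
import re

FIXED = (4, 7, 0)  # advisory: versions before V4.7 are affected
# CPU variants named in the advisory (SIPLUS equivalents share the model numbers)
MODELS = {"1211C", "1212C", "1212FC", "1214C", "1214FC", "1215C", "1215FC", "1217C"}
MODEL_RE = re.compile(r"S7-1200\s+CPU\s+(\d{4}F?C)\b", re.IGNORECASE)
FW_RE = re.compile(r"^\s*V?\s*(\d+)\.(\d+)(?:\.(\d+))?\s*$", re.IGNORECASE)

# Constructed sample inventory export (asset names and columns are assumptions)
SAMPLE = """asset,product,firmware
plc-lift-01,SIMATIC S7-1200 CPU 1214C DC/DC/DC,V4.6.1
plc-pump-02,SIPLUS S7-1200 CPU 1215FC DC/DC/DC,V04.07.00
plc-gate-03,SIMATIC S7-1200 CPU 1211C AC/DC/Rly,4.5
plc-sig-04,SIMATIC S7-1200 CPU 1217C DC/DC/DC,unknown
plc-hvac-05,SIMATIC S7-1500 CPU 1515-2 PN,V2.9.4
"""

def parse_firmware(text):
    """Return (major, minor, patch), or None if the string is not a version."""
    m = FW_RE.match(text or "")
    if not m:
        return None
    return tuple(int(g or 0) for g in m.groups())

def triage(csv_text):
    """Classify each in-scope S7-1200 CPU as 'update', 'fixed' or 'verify'."""
    results = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        m = MODEL_RE.search(row["product"])
        if not m or m.group(1).upper() not in MODELS:
            continue  # not one of the CPU variants the advisory lists
        fw = parse_firmware(row["firmware"])
        if fw is None:
            results[row["asset"]] = "verify"  # unknown firmware: check on the device
        elif fw < FIXED:
            results[row["asset"]] = "update"  # before V4.7: schedule the firmware update
        else:
            results[row["asset"]] = "fixed"
    return results

if __name__ == "__main__":
    for asset, status in triage(SAMPLE).items():
        print(f"{asset}: {status}")
```

Versions are compared as integer tuples, so a release such as V4.10 sorts after V4.7 rather than before it, and records with an unreadable firmware field are flagged for manual verification instead of being silently treated as fixed.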
API: /api/v1/advisories/6a1b848a-d004-4ac6-84ed-24463e9737f5
