OTPulse

Siemens SIMATIC S7-1200 CPU Family

Plan Patch | CVSS 7.5 | ICS-CERT ICSA-25-044-01 | Feb 11, 2025
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

The SIMATIC and SIPLUS S7-1200 CPU family before firmware version V4.7 contains two denial of service vulnerabilities (CWE-404, CWE-1286). These flaws allow an attacker to crash the CPU by sending specially crafted network packets, causing immediate loss of process control until manual restart. The vulnerabilities are triggered remotely over the network without authentication. Siemens has released firmware V4.7 and later versions that correct both issues. Network-level protections such as firewalls and segmentation are recommended as interim mitigations.

What this means
What could happen
An attacker can send specially crafted network packets to crash a Siemens S7-1200 CPU, halting process control logic and stopping operations until the device is manually restarted.
Who's at risk
Transportation and industrial facilities using Siemens S7-1200 CPUs for process control (train signaling systems, traffic management, conveyor control, and other critical automation). This includes both SIMATIC and SIPLUS product lines across all modular variants (1211C, 1212C, 1212FC, 1214C, 1214FC, 1215C, 1215FC, 1217C) running firmware earlier than V4.7.
How it could be exploited
An attacker with network access to the CPU (typically port 102 for S7 protocol) sends malformed packets that trigger a denial of service condition in the firmware. No authentication or special configuration is required to send these packets.
Prerequisites
  • Network access to the S7-1200 CPU on port 102 (S7 protocol)
  • CPU firmware version prior to V4.7
  • No special credentials or authentication required
  • Remotely exploitable
  • No authentication required
  • Low complexity attack
  • Affects process control PLCs
  • Wide range of deployed devices
  • Low EPSS score but known vulnerability class
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (34)
34 with fix
Product | Affected Versions | Fix Status
SIMATIC S7-1200 CPU 1211C AC/DC/Rly | <V4.7 | 4.7
SIMATIC S7-1200 CPU 1211C DC/DC/DC | <V4.7 | 4.7
SIMATIC S7-1200 CPU 1211C DC/DC/Rly | <V4.7 | 4.7
SIMATIC S7-1200 CPU 1212C AC/DC/Rly | <V4.7 | 4.7
SIMATIC S7-1200 CPU 1212C DC/DC/DC | <V4.7 | 4.7
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to S7-1200 CPUs using firewall rules; limit port 102 connections to authorized engineering workstations and SCADA/HMI systems only
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update all SIMATIC and SIPLUS S7-1200 CPU units to firmware version V4.7 or later
Long-term hardening
HARDENING: Isolate control system networks from business networks and the Internet using network segmentation
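
To prioritize the workaround and the firmware update above, the following added example (not part of the advisory or any Siemens tooling) cross-checks an asset inventory against observed port 102 traffic and ranks each CPU. The CSV layouts, IP addresses, allowlist and the "Vx.y[.z]" firmware string format are constructed assumptions.

```python
import csv, io, ipaddress

FIXED = (4, 7)   # first fixed firmware version per the advisory
S7_PORT = 102    # S7 protocol port named in the advisory

# Constructed sample data: hypothetical inventory export and flow records.
INVENTORY = """ip,model,firmware
10.10.1.11,CPU 1214C DC/DC/DC,V4.6.1
10.10.1.12,CPU 1212C AC/DC/Rly,V4.7
10.10.1.13,CPU 1215C DC/DC/DC,V4.5.2
"""
FLOWS = """src,dst,dport
10.10.5.20,10.10.1.11,102
192.168.40.7,10.10.1.11,102
10.10.5.21,10.10.1.12,102
192.168.40.7,10.10.1.12,102
10.10.5.20,10.10.1.13,102
10.10.5.20,10.10.1.13,80
"""
# Hypothetical authorized engineering workstation and SCADA/HMI addresses.
ALLOWED = [ipaddress.ip_network(n) for n in ("10.10.5.20/32", "10.10.5.21/32")]

def parse_fw(text):
    """'V4.6.1' -> (4, 6, 1); tolerates a missing or lowercase 'V' prefix."""
    return tuple(int(p) for p in text.strip().lstrip("Vv").split("."))

def audit(inventory_csv, flows_csv, allowed):
    """Map each PLC IP to its patch state, unauthorized port-102 peers and priority."""
    plcs = csv.DictReader(io.StringIO(inventory_csv))
    # Compare major.minor numerically so that V4.10 sorts after V4.7.
    report = {r["ip"]: {"vulnerable": parse_fw(r["firmware"])[:2] < FIXED,
                        "unauthorized": set()} for r in plcs}
    for f in csv.DictReader(io.StringIO(flows_csv)):
        if f["dst"] in report and int(f["dport"]) == S7_PORT:
            src = ipaddress.ip_address(f["src"])
            if not any(src in net for net in allowed):
                report[f["dst"]]["unauthorized"].add(f["src"])
    for row in report.values():
        row["unauthorized"] = sorted(row["unauthorized"])
        exposed = bool(row["unauthorized"])
        row["priority"] = ("patch-and-restrict" if row["vulnerable"] and exposed
                           else "patch" if row["vulnerable"]
                           else "restrict" if exposed else "ok")
    return report

if __name__ == "__main__":
    for ip, row in audit(INVENTORY, FLOWS, ALLOWED).items():
        print(ip, row["priority"], row["unauthorized"])
```

A CPU already on V4.7 that still shows unlisted port 102 peers is reported as "restrict", since the firewall workaround and segmentation remain worthwhile after patching.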
Siemens SIMATIC S7-1200 CPU Family | CVSS 7.5 - OTPulse