OTPulse
FeedAboutContact

Siemens SINEC OS

Low Risk3.1ICS-CERT ICSA-25-254-04Sep 9, 2025
Attack VectorAdjacent
Auth RequiredNone
ComplexityHigh
User InteractionNone needed
Summary

SINEC OS on RUGGEDCOM RST2428P is affected by vulnerabilities in open UDP port implementations. An attacker without authentication could query open ports to access non-sensitive information or send crafted packets that cause temporary denial of service. Siemens is preparing fixes and recommends network protection mechanisms in the interim.

What this means
What could happen
An attacker on the same network segment could query open UDP ports on the RUGGEDCOM RST2428P to view non-sensitive device information or send crafted packets that briefly interrupt device communications, causing temporary service disruption.
Who's at risk
Water utilities and municipal electric systems using Siemens RUGGEDCOM RST2428P ruggedized switches for critical automation and SCADA networks should assess exposure, particularly if the device is deployed in flat networks or networks with untrusted local access.
How it could be exploited
An attacker sends UDP packets to open ports on the device without needing credentials. The device responds with information or processes the malformed packets in a way that consumes resources, momentarily affecting availability.
Prerequisites
  • Network access to the same broadcast domain as the RUGGEDCOM RST2428P (Layer 2 or Layer 3 adjacency)
  • No authentication or credentials required
Remotely exploitable from adjacent network segmentNo authentication requiredNo patch available yetLow CVSS score but affects network availability
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (1)
ProductAffected VersionsFix Status
RUGGEDCOM RST2428P (6GK6242-6PA00)All versionsNo fix (EOL)
Remediation & Mitigation
0/3
Do now
0/2
HARDENINGPlace the RUGGEDCOM RST2428P behind a managed switch or firewall that blocks unsolicited UDP traffic from reaching the device
HARDENINGSegment the network so that the device is only reachable from trusted engineering workstations and management systems
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HOTFIXMonitor Siemens support portal for firmware updates and apply when available
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/be64a738-a8b9-49f9-8685-c7968256712d
Siemens SINEC OS | CVSS 3.1 - OTPulse