OTPulse

Siemens SIMATIC NET CP, SINEMA and SCALANCE

Monitor | 7.5 | ICS-CERT ICSA-25-259-03 | Sep 16, 2025
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Integer overflow vulnerabilities affect Siemens industrial network communication modules (SCALANCE M-series routers, SIMATIC CP communication processors, SCALANCE SC switches, and SINEMA Remote Connect Server). A remote attacker can send a specially crafted packet to trigger an integer overflow in the device firmware, causing denial of service. Affected versions include SCALANCE M-series firmware prior to V7.1, SIMATIC CP 1242-7/1243/1243-7/1243-8/1542SP/1543/1543SP/1545 firmware prior to their respective fixed versions (V3.3.46, V2.2.28, V3.0.22, or V1.1), SCALANCE SC622/632/636/642/646 firmware prior to V2.3, and SINEMA Remote Connect Server prior to V3.1. The issue is identified as CVE-2021-41991 and relates to CWE-190 (integer overflow or wraparound).

What this means
What could happen
An attacker can remotely trigger an integer overflow in these Siemens network communication modules, causing them to stop functioning (denial of service). This would interrupt data transfer for PLCs and industrial controllers that depend on these devices for remote connectivity.
Who's at risk
This vulnerability affects Siemens industrial network communication modules used in manufacturing plants, water treatment facilities, and transportation systems. Specifically: SCALANCE M-series ADSL/SHDSL routers and LTE cellular modules that provide remote connectivity for PLCs and controllers; SIMATIC CP (communication processors) used in S7-1200 and S7-1500 PLCs; SCALANCE SC managed switches; and SINEMA Remote Connect Server for remote maintenance. Transportation, utilities, and manufacturing sectors that rely on these devices for remote PLC access and WAN connectivity are at risk.
How it could be exploited
An attacker with network access to the affected device sends a specially crafted packet that triggers an integer overflow in the device firmware. The device stops responding or crashes, breaking network connectivity for the PLC or controller it serves.
Prerequisites
  • Network access to the affected device's communication interface (Ethernet port or remote interface)
  • No authentication required
remotely exploitable | no authentication required | low complexity | no patch available for any affected product | affects industrial communication infrastructure
Exploitability
Moderate exploit probability (EPSS 2.5%)
Affected products (41)
41 pending
Product | Affected Versions | Fix Status
Siemens SCALANCE M816-1 ADSL-Router (Annex B) (6GK5816-1BA00-2AA2): <V7.1 | <V7.1 | No fix yet
Siemens RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2): <V7.1 | <V7.1 | No fix yet
Siemens SCALANCE M874-3 (6GK5874-3AA00-2AA2): <V7.1 | <V7.1 | No fix yet
Siemens SCALANCE M876-3 (EVDO) (6GK5876-3AA02-2BA2): <V7.1 | <V7.1 | No fix yet
Siemens SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2): <V7.1 | <V7.1 | No fix yet
Remediation & Mitigation
Do now
WORKAROUND: For SIMATIC CP 1242-7 V2, CP 1243-1, CP 1243-7 LTE, CP 1243-8 IRC, and SIPLUS equivalents: Only deploy certificates via TIA portal that were created with TIA portal
HARDENING: Restrict network access to affected devices using firewall rules; allow only necessary traffic to required ports from trusted engineering workstations and supervisory systems
HARDENING: Isolate remote connectivity devices (M-series ADSL/SHDSL routers, LTE modules) from direct internet exposure; place behind VPN or demilitarized zone (DMZ) with strict ingress filtering
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update SCALANCE M816-1 ADSL-Router, M874-2, M874-3, M876 series, MUM853-1, MUM856-1, M812-1 ADSL-Router, M826-2 SHDSL-Router, M804PB, RUGGEDCOM RM1224 LTE, and SCALANCE S615 to firmware V7.1 or later
HOTFIX: Update SIMATIC CP 1242-7 V2, CP 1243-1, CP 1243-7 LTE, CP 1243-8 IRC, and SIPLUS equivalents to firmware V3.3.46 or later
HOTFIX: Update SIMATIC CP 1542SP-1, CP 1542SP-1 IRC, CP 1543SP-1, and SIPLUS ET 200SP equivalents to firmware V2.2.28 or later
HOTFIX: Update SIMATIC CP 1543-1 and SIPLUS NET CP 1543-1 to firmware V3.0.22 or later
HOTFIX: Update SIMATIC CP 1545-1 to firmware V1.1 or later
HOTFIX: Update SCALANCE SC622-2C, SC632-2C, SC636-2C, SC642-2C, SC646-2C to firmware V2.3 or later
HOTFIX: Update SINEMA Remote Connect Server to V3.1 or later
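
One way to apply the fixed-version thresholds from the remediation list above to an asset inventory, as an added example that is not part of the advisory or of any Siemens or OTPulse tooling. The model-matching regexes, the inventory rows and the status strings are assumptions made for illustration; versions are compared numerically, so V2.2.9 sorts below V2.2.28 and V2.10 above V2.3.

```python
import re

# Fixed versions are from the advisory's remediation list; the model regexes
# are this example's assumption about how an inventory spells product names.
FIXES = [
    (r"SINEMA Remote Connect Server", "V3.1"),
    (r"SCALANCE SC6(22|32|36|42|46)-2C", "V2.3"),
    (r"CP 1545-1", "V1.1"),
    (r"CP 1543-1", "V3.0.22"),
    (r"CP 154[23]SP-1", "V2.2.28"),
    (r"CP 124(2-7|3-1|3-7|3-8)", "V3.3.46"),
    (r"SCALANCE (M8\d\d|MUM85[36]|S615)|RM1224", "V7.1"),
]

def parse_version(text):
    """'V3.3.46' -> (3, 3, 46, 0); zero-padded so V7.1 equals V7.1.0."""
    m = re.fullmatch(r"[Vv]?(\d+(?:\.\d+){0,3})", text.strip())
    if not m:
        raise ValueError(f"unparseable firmware version: {text!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (4 - len(parts)))

def triage(inventory):
    out = []
    for asset, model, firmware in inventory:
        fixed = next((f for pat, f in FIXES if re.search(pat, model)), None)
        try:
            if fixed is None:
                status = "no pattern matched"  # not proof it is unaffected
            elif parse_version(firmware) < parse_version(fixed):
                status = f"update to {fixed} or later"
            else:
                status = "at or above fixed version"
        except ValueError:
            status = f"check manually against {fixed}"
        out.append((asset, status))
    return out

# Constructed inventory rows (asset names and firmware values are made up).
INVENTORY = [
    ("rtr-01", "SCALANCE M876-3 (EVDO)", "V7.0.1"),
    ("plc-09-cp", "SIMATIC CP 1543SP-1", "V2.2.9"),
    ("sw-03", "SCALANCE SC632-2C", "V2.10"),
    ("rtr-04", "RUGGEDCOM RM1224 LTE(4G) EU", "unknown"),
    ("hmi-02", "SIMATIC HMI TP1200", "V17"),
]

if __name__ == "__main__":
    print(*triage(INVENTORY), sep="\n")
```

A "no pattern matched" result only means the model string did not match these example regexes; confirm against the full affected-products list before treating a device as out of scope.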