OTPulse

Siemens OpenSSL Vulnerability in Industrial Products

CVSS 7.4 · ICS-CERT ICSA-25-259-05 · Sep 16, 2025
Attack Vector: Network
Auth Required: None
Complexity: High
User Interaction: None needed
Summary

OpenSSL vulnerability (CVE-2024-XXXXX, CWE-125: Out-of-bounds read) affecting Siemens industrial products. The flaw is a buffer over-read in OpenSSL's certificate parsing code that could allow remote code execution or denial of service. Affects all versions of numerous SCALANCE wireless APs, switches, routers, RUGGEDCOM hardened routers, SIMATIC communication processors, S7-1200 CPU modules, Industrial Edge devices, and various software platforms. The vulnerability is triggered via specially crafted SSL/TLS handshake packets sent to the device's network interface. Siemens has released patches for some newer communication modules and software platforms (version numbers specified in remediation), but the majority of wireless access points and legacy devices have no fix planned and are permanently vulnerable.

What this means
What could happen
An attacker could remotely crash industrial network devices or execute arbitrary code on them without authentication, potentially disrupting process control networks and causing operational downtime. This affects wireless access points, industrial routers, communication processors, and control system software across manufacturing and transportation sectors.
Who's at risk
Manufacturing and transportation organizations using Siemens industrial networking and control equipment. Specifically: wireless access points (SCALANCE W7xx series), industrial Ethernet switches (SCALANCE X series), rugged routers (RUGGEDCOM ROX), communication processors (SIMATIC CP series), S7-1200 PLC CPU modules, process automation software (SINUMERIK Operate, SIMATIC PCS neo), and remote management platforms. Any organization with Siemens control system networking infrastructure built before 2025 is potentially affected.
How it could be exploited
An attacker on the network could send a crafted SSL/TLS message to any of the affected products' network interfaces, triggering a buffer over-read or memory corruption flaw in OpenSSL. The vulnerability requires no credentials or user interaction. The attacker could be external if the device is exposed to untrusted networks, or internal if on the corporate/OT network.
Prerequisites
  • Network access to the device's Ethernet or wireless interface
  • The device must be reachable from the attacker's network (no firewall blocking SSL/TLS ports)
  • No authentication or valid credentials required
Tags: remotely exploitable · no authentication required · low complexity attack · no patch available for majority of wireless products · high impact on network availability · affects industrial network backbone devices
Exploitability
Low exploit probability (EPSS 0.4%)
Affected products (224) · 224 pending

Product                                                      | Affected Versions     | Fix Status
Siemens SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AB0)            | vers:all/* (All versions) | No fix yet
Siemens SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AC0)            | vers:all/* (All versions) | No fix yet
Siemens SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AA6)            | vers:all/* (All versions) | No fix yet
Siemens SCALANCE W774-1 RJ45 (USA) (6GK5774-1FX00-0AB6)      | vers:all/* (All versions) | No fix yet
Siemens SCALANCE W778-1 M12 (6GK5778-1GY00-0AA0)             | vers:all/* (All versions) | No fix yet
Remediation & Mitigation
Do now
WORKAROUND: For products marked 'no fix planned' (SCALANCE W72x, W73x, W74x, W76x, W77x, W78x, W786, W788 wireless APs; RUGGEDCOM ROX; SINEMA Server V14; Industrial Edge Machine Insight App): segment these devices to isolated subnets with firewall rules blocking inbound SSL/TLS connections from untrusted sources
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: For products with available patches (CP 1242-7 V2, CP 1243 series, CP 1542SP-1, CP 1543 series, CP 1543SP-1, SCALANCE X200/X201/X202/X204 IRT, S7-1200 CPU, SINEC NMS, SINEMA Remote Connect Server, SINUMERIK Operate, SIMATIC Process Historian, TIA Administrator): update to the specified minimum version or later
Long-term hardening
HARDENING: Implement network segmentation to isolate affected products from the corporate IT network and external internet access; restrict management traffic to trusted engineering workstations only
HARDENING: Monitor affected devices for unexpected restarts or SSL/TLS connection errors that may indicate exploitation attempts
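The monitoring item above can be turned into a simple check: correlate a burst of failed TLS handshakes from one source with an unplanned restart of the same device shortly after. This is an added example, not OTPulse or Siemens code; the syslog layout, host names, message texts and thresholds are constructed assumptions, since the advisory does not describe the devices' actual log format.

```python
# Added example: flag affected devices whose unplanned restart followed a burst
# of TLS handshake failures from a single source. Log format, host names and
# message strings below are constructed assumptions, not real Siemens output.
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log in a simplified "<ts> <host> <proc>: <msg>" layout.
SAMPLE_LOG = """\
2025-09-16T10:00:01 scalance-w774-01 sslsrv: TLS handshake failed from 10.9.8.7: bad record
2025-09-16T10:00:02 scalance-w774-01 sslsrv: TLS handshake failed from 10.9.8.7: bad record
2025-09-16T10:00:03 scalance-w774-01 sslsrv: TLS handshake failed from 10.9.8.7: bad record
2025-09-16T10:00:09 scalance-w774-01 kernel: system restart (reason: watchdog)
2025-09-16T10:05:00 cp1543-01 sslsrv: TLS handshake failed from 10.1.1.5: certificate unknown
2025-09-16T11:30:00 scalance-x204-02 kernel: system restart (reason: operator)
"""

LINE_RE = re.compile(r"^(\S+) (\S+) \S+: (.*)$")
TLS_ERR = re.compile(r"TLS handshake failed from (\d+\.\d+\.\d+\.\d+)")
RESTART = re.compile(r"system restart \(reason: (\w+)\)")


def parse(log):
    """Yield (timestamp, host, message) for each well-formed line."""
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield datetime.fromisoformat(m.group(1)), m.group(2), m.group(3)


def find_suspicious(log, window=timedelta(minutes=2), min_errors=3):
    """Return {host: (source_ip, failure_count)} for hosts where a restart
    not attributed to an operator followed >= min_errors handshake failures
    from the same source within `window`."""
    failures = defaultdict(list)  # host -> [(ts, src_ip), ...]
    flagged = {}
    for ts, host, msg in parse(log):
        e = TLS_ERR.search(msg)
        if e:
            failures[host].append((ts, e.group(1)))
            continue
        r = RESTART.search(msg)
        if r and r.group(1) != "operator":  # planned restarts are expected
            per_src = defaultdict(int)
            for t, ip in failures[host]:
                if ts - t <= window:
                    per_src[ip] += 1
            for ip, n in per_src.items():
                if n >= min_errors:
                    flagged[host] = (ip, n)
    return flagged


if __name__ == "__main__":
    print(find_suspicious(SAMPLE_LOG))  # {'scalance-w774-01': ('10.9.8.7', 3)}
```

A single failed handshake, or a restart the operator initiated, is not flagged; only the combination within the window is.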