Siemens SIMATIC ET 200SP Communication Processors

Plan Patch | CVSS 9.8 | ICS-CERT ICSA-25-289-07 | Oct 14, 2025
Siemens | Transportation
Attack path
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

SIMATIC ET 200SP communication processors (CP 1542SP-1, CP 1542SP-1 IRC, CP 1543SP-1, and SIPLUS variants) contain an authentication bypass vulnerability that allows an unauthenticated remote attacker to access configuration data. The vulnerability exists because affected devices do not properly validate authentication before exposing sensitive configuration information to network requests. Siemens has released firmware version 2.4.24 and later to correct this issue across all affected product variants.

What this means
What could happen
An unauthenticated attacker with network access could read configuration data from the communication processor, potentially exposing process parameters, network topology, or other sensitive settings that could enable follow-on attacks against your control systems.
Who's at risk
Transportation facilities using Siemens SIMATIC ET 200SP communication processors (CP 1542SP-1, CP 1543SP-1, and SIPLUS variants) in signal control, rail operations, or other critical switching and communication roles should prioritize patching and access controls for these devices.
How it could be exploited
An attacker on the network sends requests to the communication processor without credentials and receives configuration data in response. No authentication check is performed before allowing access to sensitive configuration information.
Prerequisites
  • Network access to the communication processor port
  • No authentication credentials required
Tags: remotely exploitable, no authentication required, low complexity, affects industrial control communication
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (6)
6 with fix
| Product | Affected Versions | Fix Status |
|---|---|---|
| SIMATIC CP 1542SP-1 | < 2.4.24 | 2.4.24 |
| SIMATIC CP 1542SP-1 IRC | < 2.4.24 | 2.4.24 |
| SIMATIC CP 1543SP-1 | < 2.4.24 | 2.4.24 |
| SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL | < 2.4.24 | 2.4.24 |
| SIPLUS ET 200SP CP 1543SP-1 ISEC | < 2.4.24 | 2.4.24 |
| SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL | < 2.4.24 | 2.4.24 |
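
An inventory check for the affected-products list, added here as an example (not Siemens or advisory code): it flags listed products whose firmware is below 2.4.24, comparing versions numerically rather than as strings. The CSV column names, asset names and sample rows are constructed assumptions.

```python
import csv
import io
import re

FIXED = (2, 4, 24)  # first fixed firmware version named in the advisory
AFFECTED = {        # product names copied from the advisory's product list
    "SIMATIC CP 1542SP-1",
    "SIMATIC CP 1542SP-1 IRC",
    "SIMATIC CP 1543SP-1",
    "SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL",
    "SIPLUS ET 200SP CP 1543SP-1 ISEC",
    "SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL",
}

# Constructed sample inventory; the column names are assumptions.
SAMPLE_INVENTORY = """asset,product,firmware
cp-01,SIMATIC CP 1542SP-1,V2.3.1
cp-02,SIMATIC CP 1543SP-1,2.4.24
cp-03,siplus et 200sp cp 1543sp-1 isec tx rail,2.4
cp-04,SIMATIC CP 1542SP-1 IRC,unknown
cp-05,Generic managed switch,3.1.0
cp-06,SIMATIC CP 1543SP-1,V2.10.0
"""

def parse_version(text):
    """Return the version as a tuple of ints (padded to 3 parts), or None."""
    m = re.fullmatch(r"[Vv]?\s*(\d+(?:\.\d+)*)", (text or "").strip())
    if m is None:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    parts += [0] * (3 - len(parts))  # "2.4" is compared as 2.4.0
    return tuple(parts)

def triage(inventory_csv):
    """Map each asset to vulnerable, patched, verify-version or not-listed."""
    result = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        product = " ".join(row["product"].upper().split())
        version = parse_version(row["firmware"])
        if product not in AFFECTED:
            status = "not-listed"      # product is outside this advisory
        elif version is None:
            status = "verify-version"  # unreadable version: check the device
        elif version < FIXED:
            status = "vulnerable"
        else:
            status = "patched"         # 2.10.0 sorts above 2.4.24 numerically
        result[row["asset"]] = status
    return result

if __name__ == "__main__":
    for asset, status in triage(SAMPLE_INVENTORY).items():
        print(f"{asset}: {status}")
```
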
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to communication processors to trusted IP addresses only using firewall rules or access control lists
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

SIMATIC CP 1542SP-1
HOTFIX: Update SIMATIC CP 1542SP-1, CP 1542SP-1 IRC, and CP 1543SP-1 (including SIPLUS variants) to firmware version 2.4.24 or later
Long-term hardening
HARDENING: Isolate ET 200SP communication processors from the business network and place them behind a firewall
HARDENING: Disable internet-accessible routes to communication processors; ensure they are only accessible from trusted internal networks