Siemens SIMATIC and SIPLUS products
Plan PatchCVSS 7.5ICS-CERT ICSA-26-015-04Jan 13, 2026
SiemensEnergyTransportation
Attack path
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary
Siemens ET 200 distributed I/O modules (SIMATIC and SIPLUS variants) contain a denial-of-service vulnerability in their PROFINET interface modules. An attacker can send a valid S7 protocol Disconnect Request (COTP DR TPDU) to port 102, causing the device to become unresponsive. The affected device requires a power cycle to recover. Multiple variants and versions are affected, with some products unable to receive patches due to end-of-life status.
What this means
What could happen
An attacker with network access to your ET 200 modules can crash them remotely, disrupting field I/O communication and forcing manual power cycling. If these devices control critical process I/O in energy or transportation systems, loss of their communication function will stop or degrade operations.
Who's at risk
Operators of Siemens SIMATIC and SIPLUS ET 200 distributed I/O modules (interface modules IM 155-5, IM 155-6, IM 157-1, and PN/PN and PN/MF Coupler devices) used in energy generation, transmission, water treatment, and transportation control systems. If your site uses ET 200 remote I/O racks connected via PROFINET, this affects you.
How it could be exploited
An attacker with network access to port 102 (PROFINET/S7 protocol port) on an ET 200 module sends a malformed Disconnect Request packet. The device processes this message and becomes unresponsive, severing communication with the PLC or control system until power cycled.
Prerequisites
- Network reachability to port 102 on the target ET 200 device
- Ability to send PROFINET/S7 protocol packets (no authentication required)
remotely exploitableno authentication requiredlow complexityno patch available for many variantsaffects process I/O communication
Exploitability
Unlikely to be exploited — EPSS score 0.0%
Affected products (15)
5 with fix10 EOL
ProductAffected VersionsFix Status
SIMATIC ET 200SP IM 155-6 MF HFAll versionsNo fix (EOL)
SIPLUS ET 200MP IM 155-5 PN HF T1 RAIL≥ 4.2.0No fix (EOL)
SIPLUS ET 200SP IM 155-6 PN HF TX RAIL≥ 4.2.0No fix (EOL)
SIMATIC ET 200SP IM 155-6 PN HA (incl. SIPLUS variants)< 1.31.3
SIMATIC ET 200SP IM 155-6 PN R1< 6.0.16.0.1
SIMATIC ET 200SP IM 155-6 PN/3 HF< 4.2.24.2.2
SIMATIC PN/PN Coupler< 6.0.06.0.0
SIPLUS NET PN/PN Coupler< 6.0.06.0.0
Remediation & Mitigation
0/6
Do now
0/1WORKAROUNDRestrict network access to port 102 on all ET 200 devices using a firewall rule to accept only connections from trusted engineering and control system IP addresses
Schedule — requires maintenance window
0/4Patching may require device reboot — plan for process interruption
SIMATIC ET 200SP IM 155-6 PN/3 HF
HOTFIXUpdate SIMATIC ET 200SP IM 155-6 PN/3 HF to firmware version 4.2.2
SIMATIC ET 200SP IM 155-6 PN R1
HOTFIXUpdate SIMATIC ET 200SP IM 155-6 PN R1 to firmware version 6.0.1
SIMATIC PN/PN Coupler
HOTFIXUpdate SIMATIC PN/PN Coupler and SIPLUS NET PN/PN Coupler to firmware version 6.0.0
All products
HOTFIXUpdate SIMATIC ET 200SP IM 155-6 PN HA (and SIPLUS variants) to firmware version 1.3
Mitigations - no patch available
0/1The following products have reached End of Life with no planned fix: SIMATIC ET 200SP IM 155-6 MF HF, SIPLUS ET 200MP IM 155-5 PN HF T1 RAIL, SIPLUS ET 200SP IM 155-6 PN HF TX RAIL, SIMATIC ET 200AL IM 157-1 PN, SIMATIC ET 200MP IM 155-5 PN HF, SIMATIC ET 200SP IM 155-6 PN/2 HF, SIMATIC PN/MF Coupler, SIPLUS ET 200MP IM 155-5 PN HF, SIPLUS ET 200SP IM 155-6 PN HF, SIPLUS ET 200SP IM 155-6 PN HF T1 RAIL. Apply the following compensating controls:
HARDENINGSegment the PROFINET network where S7 communication occurs; isolate ET 200 devices from general plant IT networks and untrusted systems
CVEs (1)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/d849436f-6d20-4473-8b7d-ba2055a209dcGet OT security insights every Tuesday
Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.