Siemens Industrial Devices
Plan PatchCVSS 7.5ICS-CERT ICSA-26-134-06May 12, 2026
SiemensManufacturing
Attack path
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary
Multiple Siemens industrial networking, control, and drive devices are vulnerable to a denial of service attack via a null pointer dereference (CWE-476). A remote attacker can crash the device by sending a malformed network packet, disrupting communications or control operations until manual reboot. The vulnerability affects SCALANCE routers and switches, SIMATIC programmable controllers (ET 200, S7 series), SINAMICS variable frequency drives, and other networked industrial devices. Siemens has released patches for some product families (SCALANCE M/W/WAM/WUM/CFU and S7-410 series) but states that fixes are not planned for older S7-300, S7-400, ET 200pro, ET 200S, S7-1500, SINUMERIK, and SINAMICS S110 devices. For unpatched products, Siemens recommends using communication modules instead of direct ethernet ports, restricting network access to trusted systems, or implementing network segmentation.
What this means
What could happen
An attacker on the network can crash affected Siemens industrial devices without authentication, causing temporary service interruption to connected control systems or communications infrastructure. For devices without a fix available, this vulnerability cannot be patched and requires compensating controls.
Who's at risk
Manufacturing plants and utilities using Siemens SCALANCE industrial networking devices (routers, wireless access points, switches), SIMATIC programmable logic controllers (S7-300, S7-400, S7-1500 series), and SINAMICS variable frequency drives. Affected devices serve critical process communication, control logic execution, and motor drives in production lines, water treatment, power distribution, and other industrial automation applications.
How it could be exploited
An attacker sends a malformed network packet to a vulnerable industrial device (SCALANCE router, SIMATIC CPU, or SINAMICS drive) on the network. The device crashes due to a null pointer dereference, disrupting process communication or stopping automation operations until the device is manually rebooted.
Prerequisites
- Network access to the industrial device over Ethernet
- No credentials required
- Device must be connected to an accessible network segment
remotely exploitableno authentication requiredlow complexity attackaffects control system availabilitymany products have no patch availablewidespread deployment in industrial environments
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (244)
71 with fix120 pending53 EOL
Remediation & Mitigation
0/12
Do now
0/2SCALANCE M876-4 (NAM)
WORKAROUNDFor SINAMICS drives (G120 family, G130, G150, S120, S150) and SITOP power supplies with no patch available, restrict network access to these devices to trusted engineering workstations and control systems only using firewall rules
All products
WORKAROUNDFor SCALANCE X2xx, X3xx, X4xx, XF2xx, XM4xx, XR series with no patch available, disable ethernet ports on these devices and use separate communication modules (such as CP cards) for network connectivity instead
Schedule — requires maintenance window
0/9Patching may require device reboot — plan for process interruption
SCALANCE S615 LAN-Router
HOTFIXUpdate SCALANCE S615 LAN-Router to firmware version 8.3 or later
SIMATIC ET 200SP HA IM155-6 PN
HOTFIXUpdate SIMATIC ET 200SP HA IM155-6 PN to firmware version 1.3 or later
SIMATIC CFU DIQ
HOTFIXUpdate SIMATIC CFU DIQ and CFU PA to version 2.0.0 or later
All products
HOTFIXUpdate RUGGEDCOM RM1224 LTE variants to firmware version 8.3 or later
HOTFIXUpdate SCALANCE M-series routers (M804PB, M812-1, M816-1, M826-2, M874, M876, MUB852-1, MUM853-1, MUM856-1) to firmware version 8.3 or later
HOTFIXUpdate SCALANCE W7xx and W8xx series wireless APs to firmware version 6.6.0 or later
HOTFIXUpdate SCALANCE WAM/WUM/WAB/WUB wireless modules to firmware version 3.2.0 or later
HOTFIXUpdate SIMATIC S7-410 V10 CPU family to version 10.2 or later
HOTFIXUpdate SIMATIC S7-410 V8 CPU family to version 8.3 or later
Mitigations - no patch available
0/1The following products have reached End of Life with no planned fix: IE/PB LINK HA (6GK1411-5BB00), IE/PB link PN IO (6GK1411-5AB10), SCALANCE W1748-1 M12, SCALANCE W1788-1 M12, SCALANCE W1788-2 EEC M12, SCALANCE W1788-2 M12, SCALANCE W1788-2IA M12, SIMATIC ET 200pro IM 154-8 PN/DP CPU, SIMATIC ET 200pro IM 154-8F PN/DP CPU, SIMATIC ET 200pro IM 154-8FX PN/DP CPU, SIMATIC ET 200S IM 151-8 PN/DP CPU, SIMATIC ET 200S IM 151-8F PN/DP CPU, SIMATIC ET 200SP CPU 1510SP F-1 PN, SIMATIC ET 200SP CPU 1510SP-1 PN, SIMATIC ET 200SP CPU 1512SP F-1 PN, SIMATIC ET 200SP CPU 1512SP-1 PN, SIMATIC S7-1500 CPU 1511-1 PN, SIMATIC S7-1500 CPU 1511F-1 PN, SIMATIC S7-1500 CPU 1513-1 PN, SIMATIC S7-1500 CPU 1515-2 PN, SIMATIC S7-1500 CPU 1515F-2 PN, SIMATIC S7-1500 CPU 1516-3 PN/DP, SIMATIC S7-1500 CPU 1516F-3 PN/DP, SIMATIC S7-300 CPU 314C-2 PN/DP, SIMATIC S7-300 CPU 315-2 PN/DP, SIMATIC S7-300 CPU 315F-2 PN/DP, SIMATIC S7-300 CPU 315T-3 PN/DP, SIMATIC S7-300 CPU 317-2 PN/DP, SIMATIC S7-300 CPU 317F-2 PN/DP, SIMATIC S7-300 CPU 317T-3 PN/DP, SIMATIC S7-300 CPU 317TF-3 PN/DP, SIMATIC S7-300 CPU 319-3 PN/DP, SIMATIC S7-300 CPU 319F-3 PN/DP, SIMATIC S7-400 CPU 412-2 PN V7, SIMATIC S7-400 CPU 414-3 PN/DP V7, SIMATIC S7-400 CPU 414F-3 PN/DP V7, SIMATIC S7-400 CPU 416-3 PN/DP V7, SIMATIC S7-400 CPU 416F-3 PN/DP V7, SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants), SIMIT UNIT V10, SIMIT UNIT V11, SINAMICS S110, SINUMERIK 840D sl, SIPLUS ET 200S IM 151-8 PN/DP CPU, SIPLUS ET 200S IM 151-8F PN/DP CPU, SIPLUS NET IE/PB link PN IO, SIPLUS S7-300 CPU 314C-2 PN/DP, SIPLUS S7-300 CPU 315-2 PN/DP, SIPLUS S7-300 CPU 315F-2 PN/DP, SIPLUS S7-300 CPU 317-2 PN/DP, SIPLUS S7-300 CPU 317F-2 PN/DP, SIPLUS S7-400 CPU 414-3 PN/DP V7, SIPLUS S7-400 CPU 416-3 PN/DP V7. Apply the following compensating controls:
HARDENINGFor SIMATIC S7-300, S7-400, and ET 200 CPUs with no fix planned, implement network segmentation to isolate these devices from untrusted network segments and restrict management access to authorized workstations only
CVEs (1)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/228ecbc7-ca59-439c-a24d-8662c80133e9Get OT security insights every Tuesday
Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.