PatchSiren cyber security CVE debrief
CVE-2025-40833 Cert Portal CVE debrief
CVE-2025-40833 is a high-severity denial-of-service issue in affected Siemens industrial devices. The advisory says specially crafted IPv4 requests can trigger a null pointer dereference, and recovery requires a manual restart. The CVE was published on 2026-05-12 and modified on 2026-05-14. Because the issue is network reachable and requires no privileges or user interaction, operators should treat exposed or broadly reachable management and control interfaces as urgent hardening targets.
- Vendor
- Cert Portal
- Product
- Siemens IE/PB LINK HA (6GK1411-5BB00) vers:all/* IE/PB link PN IO (6GK1411-5AB10) RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) vers:intdot/<8.3 RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) SCALANCE M804PB (6GK5804-0AP00-2AA2) SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) SCALANCE M874-2 (6GK5874-2AA00-2AA2) SCALANCE M874-3 (6GK5874-3AA00-2AA2) SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2) SCALANCE M876-3 (6GK5876-3AA02-2BA2) SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) SCALANCE M876-4 (6GK5876-4AA10-2BA2) SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) SCALANCE MUB852-1 (A1) (6GK5852-1EA10-1AA1) SCALANCE MUB852-1 (B1) (6GK5852-1EA10-1BA1) SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1) SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1) SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1) SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1) SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1) SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) SCALANCE SC622-2C (6GK5622-2GS00-2AC2) SCALANCE SC626-2C (6GK5626-2GS00-2AC2) SCALANCE SC632-2C (6GK5632-2GS00-2AC2) SCALANCE SC636-2C (6GK5636-2GS00-2AC2) SCALANCE SC642-2C (6GK5642-2GS00-2AC2) SCALANCE SC646-2C (6GK5646-2GS00-2AC2) SCALANCE W1748-1 M12 (6GK5748-1GY01-0AA0) SCALANCE W1748-1 M12 (6GK5748-1GY01-0TA0) SCALANCE W1788-1 M12 (6GK5788-1GY01-0AA0) SCALANCE W1788-2 EEC M12 (6GK5788-2GY01-0TA0) SCALANCE W1788-2 M12 (6GK5788-2GY01-0AA0) SCALANCE W1788-2IA M12 (6GK5788-2HY01-0AA0) SCALANCE W721-1 RJ45 (6GK5721-1FC00-0AA0) vers:intdot/<6.6.0 SCALANCE W721-1 RJ45 (6GK5721-1FC00-0AB0) SCALANCE W722-1 RJ45 (6GK5722-1FC00-0AA0) SCALANCE W722-1 RJ45 (6GK5722-1FC00-0AB0) SCALANCE W722-1 RJ45 (6GK5722-1FC00-0AC0) SCALANCE W734-1 RJ45 (6GK5734-1FX00-0AA0) SCALANCE W734-1 RJ45 (6GK5734-1FX00-0AA6) SCALANCE W734-1 RJ45 (6GK5734-1FX00-0AB0) SCALANCE W734-1 RJ45 (USA) (6GK5734-1FX00-0AB6) SCALANCE W738-1 M12 (6GK5738-1GY00-0AA0) SCALANCE W738-1 M12 (6GK5738-1GY00-0AB0) SCALANCE W748-1 M12 (6GK5748-1GD00-0AA0) SCALANCE W748-1 M12 (6GK5748-1GD00-0AB0) SCALANCE W748-1 RJ45 (6GK5748-1FC00-0AA0) SCALANCE W748-1 RJ45 (6GK5748-1FC00-0AB0) SCALANCE W761-1 RJ45 (6GK5761-1FC00-0AA0) SCALANCE W761-1 RJ45 (6GK5761-1FC00-0AB0) SCALANCE W774-1 M12 EEC (6GK5774-1FY00-0TA0) SCALANCE W774-1 M12 EEC (6GK5774-1FY00-0TB0) SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AA0) SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AA6) SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AB0) SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AC0) SCALANCE W774-1 RJ45 (USA) (6GK5774-1FX00-0AB6) SCALANCE W778-1 M12 (6GK5778-1GY00-0AA0) SCALANCE W778-1 M12 (6GK5778-1GY00-0AB0) SCALANCE W778-1 M12 EEC (6GK5778-1GY00-0TA0) SCALANCE W778-1 M12 EEC (USA) (6GK5778-1GY00-0TB0) SCALANCE W786-1 RJ45 (6GK5786-1FC00-0AA0) SCALANCE W786-1 RJ45 (6GK5786-1FC00-0AB0) SCALANCE W786-2 RJ45 (6GK5786-2FC00-0AA0) SCALANCE W786-2 RJ45 (6GK5786-2FC00-0AB0) SCALANCE W786-2 RJ45 (6GK5786-2FC00-0AC0) SCALANCE W786-2 SFP (6GK5786-2FE00-0AA0)
- CVSS
- HIGH 7.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-05-12
- Original CVE updated
- 2026-05-14
- Advisory published
- 2026-05-12
- Advisory updated
- 2026-05-14
Who should care
Industrial control system operators, OT network engineers, plant reliability teams, and security teams responsible for Siemens IE/PB LINK, RUGGEDCOM, and SCALANCE deployments should review this advisory. Sites that allow IPv4 access to the affected devices, especially across routed or shared networks, should prioritize containment and upgrade planning.
Technical summary
The source advisory describes a null pointer dereference in IPv4 request processing. The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, which aligns with a remotely triggerable availability impact only. The advisory states that a specially crafted IPv4 request can cause a denial-of-service condition and that the system needs a manual restart to recover. Siemens/CISA list multiple affected product families and versions, with a mix of mitigations, vendor fixes, and cases where no fix is currently available or planned.
Defensive priority
High. This is a remotely reachable availability issue with no authentication or user interaction required, and recovery may involve manual intervention. The primary risk is operational disruption rather than data exposure, but in OT environments even temporary loss of communication can affect safety, availability, and process continuity.
Recommended defensive actions
- Identify whether any affected Siemens devices are deployed in your OT environment, using the advisory product list and version constraints.
- Apply vendor updates where available, including the Siemens support releases referenced in the advisory for affected product families.
- Where no fix is available, restrict access to trusted IP addresses only and segment the devices from untrusted networks.
- For applicable devices, disable CPU Ethernet ports and use a communication module for communication as Siemens recommends as a mitigation.
- Monitor for unexpected loss of device responsiveness and be prepared to perform a manual restart if the condition is triggered.
- Review exposure of IPv4-facing interfaces and reduce unnecessary routing, remote access, or lateral reachability to these devices.
- Prioritize systems that are internet-exposed, cross-zone reachable, or operationally critical for production uptime.
Evidence notes
The supplied CISA CSAF source for ICSA-26-134-06 states that affected devices contain a null pointer dereference vulnerability while processing specially crafted IPv4 requests, leading to denial of service and requiring a manual restart for recovery. The source metadata shows publication on 2026-05-12 and modification on 2026-05-14. The advisory also includes remediation entries for access restriction, Ethernet-port mitigation, and product-specific vendor fixes or lack of fixes.
Official resources
-
CVE-2025-40833 CVE record
CVE.org
-
CVE-2025-40833 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
Publicly disclosed in the CISA CSAF advisory on 2026-05-12, with an initial CISA republication update on 2026-05-14. The source advisory references Siemens ProductCERT SSA-392349 and CISA advisory ICSA-26-134-06.