PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-22924 Cert Portal CVE debrief

CVE-2026-22924 is a critical Siemens SIMATIC CN 4100 issue where the affected application does not properly restrict unauthenticated connections and can be driven into resource exhaustion. Per the advisory, this can disrupt normal operations and may also enable unauthorized actions, with potential impact to both availability and integrity.

Vendor: Cert Portal
Product: Siemens SIMATIC CN 4100, versions earlier than V5.0 (vers:intdot/<5.0)
CVSS: CRITICAL 9.1
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-12
Original CVE updated: 2026-05-14
Advisory published: 2026-05-12
Advisory updated: 2026-05-14

Who should care

OT/ICS operators, plant engineers, and security teams responsible for Siemens SIMATIC CN 4100 deployments, especially any environment running versions earlier than V5.0.

Technical summary

The advisory describes insufficient restriction of unauthenticated connections in Siemens SIMATIC CN 4100 versions earlier than V5.0 (vers:intdot/<5.0). The disclosed impact is resource exhaustion, which can degrade or halt service. The CVSS vector (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H) indicates a network-reachable issue with low attack complexity, no privileges and no user interaction required, and high impact to integrity and availability (no confidentiality impact). The vendor remediation is to update to V5.0 or later.

Defensive priority

Immediate. This is a CVSS 9.1 critical issue with network exposure and no authentication requirement, so affected environments should prioritize remediation and exposure reduction now.

Recommended defensive actions

  • Update Siemens SIMATIC CN 4100 to V5.0 or later as recommended by the vendor.
  • Identify all deployed instances of SIMATIC CN 4100 and confirm whether any are running versions earlier than V5.0.
  • Restrict network access to the affected application to trusted management and operational hosts only.
  • Segment OT/ICS networks to reduce exposure from untrusted or broader enterprise networks.
  • Monitor for abnormal connection volume, service degradation, or signs of resource exhaustion.
  • Review Siemens and CISA ICS recommended practices to harden affected environments.
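The inventory check in the actions above, as an added example (not Siemens or CISA tooling): it parses the advisory's vers:intdot/<5.0 range and flags any SIMATIC CN 4100 entry whose firmware version falls below the V5.0 bound. The inventory hostnames and versions are constructed sample data, and only the single "<" constraint of the intdot scheme is handled, which is all this advisory needs.

```python
"""Triage a SIMATIC CN 4100 inventory against the advisory's affected range."""
import re
from typing import List, Tuple

AFFECTED_RANGE = "vers:intdot/<5.0"   # quoted from the advisory metadata
REMEDIATED_VERSION = "V5.0"           # vendor fix: update to V5.0 or later


def parse_intdot(version: str) -> Tuple[int, ...]:
    """Turn 'V4.1' or '4.1.2' into a tuple of ints for comparison."""
    digits = version.strip().lstrip("Vv")
    if not re.fullmatch(r"\d+(\.\d+)*", digits):
        raise ValueError(f"not an intdot version: {version!r}")
    return tuple(int(part) for part in digits.split("."))


def parse_vers_upper_bound(vers: str) -> Tuple[int, ...]:
    """Extract the exclusive upper bound from a 'vers:intdot/<X' range."""
    match = re.fullmatch(r"vers:intdot/<(\d+(?:\.\d+)*)", vers.strip())
    if not match:
        raise ValueError(f"unsupported vers range: {vers!r}")
    return parse_intdot(match.group(1))


def is_affected(version: str, vers_range: str = AFFECTED_RANGE) -> bool:
    """True if the firmware version is strictly below the range's bound."""
    have = parse_intdot(version)
    bound = parse_vers_upper_bound(vers_range)
    # Pad with zeros so 'V5' compares equal to 'V5.0' rather than below it.
    width = max(len(have), len(bound))
    pad = lambda t: t + (0,) * (width - len(t))
    return pad(have) < pad(bound)


def triage(inventory: List[Tuple[str, str]]) -> List[Tuple[str, str]]:
    """Return the (host, version) pairs that still need the V5.0 update."""
    return [(host, ver) for host, ver in inventory if is_affected(ver)]


# Constructed sample inventory; hostnames and versions are made up.
SAMPLE_INVENTORY = [
    ("cn4100-line1", "V4.2"),
    ("cn4100-line2", "V5.0"),
    ("cn4100-spare", "V4.9.3"),
    ("cn4100-lab", "V5.1"),
]

if __name__ == "__main__":
    for host, ver in triage(SAMPLE_INVENTORY):
        print(f"{host}: {ver} affected; update to {REMEDIATED_VERSION} or later")
```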

Evidence notes

This debrief is based on the CISA CSAF advisory ICSA-26-134-10, which republishes Siemens ProductCERT advisory SSA-032379. The source metadata lists CVE-2026-22924, product names including Siemens SIMATIC CN 4100, and the vendor remediation to update to V5.0 or later. Published and modified dates used here are 2026-05-12 and 2026-05-14, respectively.

Official resources

Publicly disclosed on 2026-05-12, with a CISA republication update on 2026-05-14. The CVE issue date should be treated as the advisory publication date, not the later analysis or publication of this debrief.