PatchSiren cyber security CVE debrief
CVE-2026-22925 Cert Portal CVE debrief
CVE-2026-22925 describes a network-based denial-of-service condition in Siemens SIMATIC CN 4100 versions before 5.0. According to the CISA-republished Siemens advisory, high volumes of TCP SYN packets can exhaust system resources and render the service unavailable. The safest response is to update to V5.0 or later and apply layered OT network protections while the fix is deployed.
- Vendor
- Cert Portal
- Product
- Siemens SIMATIC CN 4100 vers:intdot/<5.0
- CVSS
- HIGH 7.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-05-12
- Original CVE updated
- 2026-05-14
- Advisory published
- 2026-05-12
- Advisory updated
- 2026-05-14
Who should care
OT/ICS operators, Siemens SIMATIC CN 4100 owners, plant network administrators, and defenders responsible for availability of industrial communications services.
Technical summary
The advisory states that the affected application is susceptible to resource exhaustion when subjected to a high volume of TCP SYN packets. The vulnerability is network reachable and requires no privileges or user interaction, with an availability impact only (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). The source remediation is to update to V5.0 or later. Because the issue is a resource exhaustion/denial-of-service condition, compensating controls that reduce exposure to unsolicited network traffic are relevant until remediation is complete.
Defensive priority
High. The CVSS score is 7.5 and the impact is service availability loss in an industrial context, where downtime can affect operations. Prioritize patching or upgrading affected devices and deploy network protections promptly if immediate remediation is not possible.
Recommended defensive actions
- Update Siemens SIMATIC CN 4100 to V5.0 or later, per the vendor remediation.
- Restrict exposure of the affected service to trusted management and control networks only.
- Use firewalling or segmentation to limit unsolicited TCP SYN traffic toward the device.
- Monitor for abnormal SYN rates or connection-setup spikes on affected network paths.
- Apply CISA and vendor recommended ICS defense-in-depth practices while remediation is pending.
Evidence notes
This debrief is based on the CISA CSAF republishing of Siemens ProductCERT advisory SSA-032379, published 2026-05-12 and republished 2026-05-14. The advisory metadata names the product as Siemens SIMATIC CN 4100 and the vulnerability description as TCP SYN-driven resource exhaustion leading to denial of service. The supplied CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. The only documented remediation in the supplied corpus is to update to version 5.0 or later.
Official resources
-
CVE-2026-22925 CVE record
CVE.org
-
CVE-2026-22925 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
Publicly disclosed in the CISA CSAF advisory on 2026-05-12 and republished by CISA on 2026-05-14 with Siemens ProductCERT advisory SSA-032379. No KEV listing is provided in the supplied corpus.