PatchSiren cyber security CVE debrief
CVE-2024-23814 Siemens CVE debrief
CVE-2024-23814 describes a network-reachable denial-of-service condition in the integrated ICMP service used by affected Siemens devices, including SIDOOR ATD430W. Siemens and CISA say an unauthenticated remote attacker can send specially crafted messages that target IP fragment re-assembly and exhaust available memory in the ICMP service. The impact is limited to a temporary ICMP service outage; other communication services are not affected, and devices return to normal once the attack stops.
- Vendor: Siemens
- Product: SIDOOR ATD430W
- CVSS: MEDIUM 5.3
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-02-11
- Original CVE updated: 2025-05-06
- Advisory published: 2025-02-11
- Advisory updated: 2025-05-06
Who should care
Operators and maintainers of Siemens SIDOOR ATD430W and other Siemens products listed in the advisory, especially environments that allow ICMP from untrusted networks or have limited perimeter filtering/segmentation.
Technical summary
The advisory states that the integrated ICMP service in the affected network stack can be forced to consume available memory when handling specially crafted messages that target IP fragment re-assembly. The attacker does not need authentication and can act remotely over the network. The reported effect is availability-only: the ICMP service becomes temporarily unavailable, while other communication services continue operating normally. For SIDOOR ATD430W, the advisory lists no vendor fix planned and recommends perimeter packet filtering where feasible.
Defensive priority
Medium; raise to higher priority if the device is reachable from untrusted networks or if ICMP traffic is not tightly filtered.
Recommended defensive actions
- Confirm whether SIDOOR ATD430W or any other Siemens assets in your environment match the affected product list in the advisory.
- Restrict exposure of ICMP to trusted management or operational networks only; block or filter ICMP messages with large payloads at firewalls, routers, or IDS/IPS where viable.
- Segment affected devices so they are not directly reachable from user or external networks.
- Monitor for abnormal ICMP activity or repeated fragmentation-related traffic patterns that could indicate an availability attack.
- Track Siemens and CISA advisories for any future fix or guidance updates; for SIDOOR ATD430W, the current advisory lists no vendor fix planned.
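One way to approach the monitoring action above, as an added example that is not taken from the Siemens or CISA advisory: the script reads raw IPv4 packets from one capture window (no link-layer header) and flags sources that leave many fragmented ICMP datagrams incomplete or send fragmented ICMP larger than expected. The thresholds, function names, and sample packets are assumptions constructed for illustration; the advisory does not describe the crafted messages, so this only catches generic fragmentation anomalies.

```python
import struct
from collections import defaultdict

ICMP = 1
MAX_OPEN_SETS = 3      # assumed threshold: incomplete datagrams tolerated per source
MAX_ICMP_BYTES = 1472  # assumed threshold: largest ICMP datagram expected on site

def parse_ipv4(pkt):
    """Return (src, ident, proto, more_fragments, offset_bytes, payload_len)."""
    ver_ihl, _, total_len, ident, flags_off, _, proto, _, src, _ = \
        struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    return (".".join(map(str, src)), ident, proto,
            bool(flags_off & 0x2000), (flags_off & 0x1FFF) * 8, total_len - ihl)

def suspicious_sources(packets):
    """Map source IP -> set of reasons, for one capture window of raw IPv4 packets."""
    sets = defaultdict(lambda: {"end": None, "got": 0, "max": 0})
    for pkt in packets:
        src, ident, proto, mf, off, plen = parse_ipv4(pkt)
        if proto != ICMP or (not mf and off == 0):
            continue  # not ICMP, or an unfragmented datagram
        s = sets[(src, ident)]
        s["got"] += plen  # simplification: overlapping fragments are not de-duplicated
        s["max"] = max(s["max"], off + plen)
        if not mf:
            s["end"] = off + plen  # last fragment fixes the total length
    open_sets, reasons = defaultdict(int), defaultdict(set)
    for (src, _), s in sets.items():
        if s["end"] is None or s["got"] < s["end"]:
            open_sets[src] += 1  # a receiver would still be holding this buffer
        if s["max"] > MAX_ICMP_BYTES:
            reasons[src].add("oversized")
    for src, n in open_sets.items():
        if n > MAX_OPEN_SETS:
            reasons[src].add("incomplete-fragments")
    return dict(reasons)

def frag(src, ident, offset_units, mf, payload_len):
    """Build a constructed IPv4/ICMP fragment for testing (checksum left at 0)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, ident,
                      (0x2000 if mf else 0) | offset_units, 64, ICMP, 0,
                      bytes(map(int, src.split("."))), bytes([192, 0, 2, 10]))
    return hdr + bytes(payload_len)

# Constructed sample window (documentation addresses): a complete two-fragment
# echo from one host, and five never-completed datagrams from another.
SAMPLE = [frag("198.51.100.7", 1, 0, True, 512), frag("198.51.100.7", 1, 64, False, 200)]
SAMPLE += [frag("203.0.113.9", i, 0, True, 1024) for i in range(100, 105)]
print(suspicious_sources(SAMPLE))
```

Tune both thresholds against a baseline of normal traffic to the device segment before alerting on the output.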
Evidence notes
Source material ties this CVE to Siemens advisory ICSA-25-105-03 / SSA-725549. The advisory says specially crafted messages targeting IP fragment re-assembly can exhaust memory in the integrated ICMP service, that the attacker is unauthenticated and remote, and that the impact is a temporary denial of service limited to ICMP with no effect on other communication services. The source also lists SIDOOR ATD430W among affected products and marks it as currently having no fix planned. CVSS provided in the source is 5.3 / CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L.
Official resources
- CVE-2024-23814 CVE record (CVE.org)
- CVE-2024-23814 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
First published in the source advisory on 2025-04-08 and modified on 2025-07-10 to clarify affected fixes for other products. Use the advisory publication date for timing context; do not treat later processing dates as the vulnerability's,