PatchSiren

CVE-2024-35292 Siemens CVE debrief

Siemens SIMATIC S7-200 SMART CPU devices use predictable IP ID sequence numbers. Attackers can exploit this predictability, potentially leading to denial-of-service conditions, and the devices are susceptible to any attack that relies on it as its base method. This vulnerability has a CVSS 3.1 score of 8.2 (HIGH severity) and was published on June 11, 2024. Siemens has indicated that no fix is currently planned for this vulnerability.

Vendor: Siemens
Product: SIMATIC S7-200 SMART CPU CR40 (6ES7288-1CR40-0AA0)
CVSS: HIGH 8.2
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-06-11
Original CVE updated: 2024-06-11
Advisory published: 2024-06-11
Advisory updated: 2024-06-11

Who should care

Organizations operating Siemens SIMATIC S7-200 SMART programmable logic controllers in industrial control system environments, particularly those with internet-facing or broadly networked deployments. Asset owners in manufacturing, water/wastewater, energy, and other critical infrastructure sectors using these devices should prioritize network segmentation and access controls.

Technical summary

The vulnerability stems from the use of predictable IP ID sequence numbers in Siemens SIMATIC S7-200 SMART CPU devices. The IP ID field is used in IP packet fragmentation; predictable values enable attacks such as idle scanning, OS fingerprinting, and denial of service through IP spoofing and fragmentation attacks. The CVSS score of 8.2 reflects a network attack vector, low attack complexity, and high availability impact. Eighteen distinct CPU models across the CR, SR, and ST series are affected. Siemens has classified this as "no fix planned", so affected organizations must rely on compensating controls rather than patches.
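To confirm from a passive capture whether a device's IP ID values really are sequential, an asset owner can extract the Identification field per source host and inspect the step between packets. The following is an added example, not code from the advisory or from Siemens; the function names, the `max_step` and `min_samples` thresholds, and the sample headers (documentation addresses in 192.0.2.0/24) are assumptions constructed for illustration.

```python
import struct
from collections import defaultdict

def ip_id_and_src(header: bytes):
    """Return (source address, Identification) from a raw IPv4 header."""
    if len(header) < 20 or header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ident = struct.unpack_from("!H", header, 4)[0]   # bytes 4-5: Identification
    src = ".".join(str(b) for b in header[12:16])    # bytes 12-15: source address
    return src, ident

def classify(ids, max_step=16, min_samples=5):
    """Classify an ordered list of IP ID values observed from one host."""
    if len(ids) < min_samples:
        return "insufficient data"
    # Differences modulo 2^16, so a counter wrap (65535 -> 0) counts as a step of 1.
    deltas = [(b - a) & 0xFFFF for a, b in zip(ids, ids[1:])]
    if all(d == 0 for d in deltas):
        return "constant"
    # Small positive steps only: the next value can be guessed from the last one.
    if all(1 <= d <= max_step for d in deltas):
        return "incremental (predictable)"
    return "no simple pattern"

def audit(headers):
    """Group headers by source host (capture order kept) and classify each host."""
    per_host = defaultdict(list)
    for h in headers:
        src, ident = ip_id_and_src(h)
        per_host[src].append(ident)
    return {src: classify(ids) for src, ids in per_host.items()}

def make_header(src, ident):
    """Constructed sample: minimal 20-byte IPv4 header (checksum left at 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, ident, 0, 64, 6, 0,
                       bytes(map(int, src.split("."))), bytes([192, 0, 2, 1]))

# Constructed data: 192.0.2.10 counts up through a wrap, 192.0.2.20 does not.
SAMPLE = [make_header("192.0.2.10", i & 0xFFFF) for i in range(65532, 65540)]
SAMPLE += [make_header("192.0.2.20", v) for v in (4211, 60233, 17, 30999, 812, 45001)]

if __name__ == "__main__":
    for host, verdict in audit(SAMPLE).items():
        print(host, verdict)
```

A host classified as incremental here is a candidate for the segmentation and access restrictions listed under the recommended defensive actions; a short or lossy capture can hide the pattern, so the verdict is only as good as the sample.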

Defensive priority

HIGH

Recommended defensive actions

  • Restrict network access to affected Siemens SIMATIC S7-200 SMART CPU devices using strict access control mechanisms
  • Segment affected devices from untrusted networks
  • Monitor network traffic for anomalous patterns targeting IP ID sequence prediction
  • Apply defense-in-depth strategies per CISA ICS recommended practices
  • Review Siemens Security Advisory SSA-481506 for additional vendor guidance

Evidence notes

The vulnerability description and affected product list are derived from CISA CSAF advisory ICSA-24-165-02, which references Siemens Security Advisory SSA-481506. The CVSS vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:P/RL:T/RC:C indicates a network attack vector, low attack complexity, no privileges required, and no user interaction, with low confidentiality impact, no integrity impact, and high availability impact.
