PatchSiren cyber security CVE debrief
CVE-2025-24008 Siemens CVE debrief
CVE-2025-24008 affects Siemens SIRIUS 3RK3 Modular Safety System (MSS) and SIRIUS Safety Relays 3SK2. The issue is an information-disclosure weakness: affected devices do not encrypt data in transit, so an attacker with network access may eavesdrop communications and recover sensitive information, including obfuscated safety passwords.
- Vendor: Siemens
- Product: SIRIUS 3RK3 Modular Safety System (MSS)
- CVSS: MEDIUM (6.5)
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-05-13
- Original CVE updated: 2025-05-13
- Advisory published: 2025-05-13
- Advisory updated: 2025-05-13
Who should care
OT and ICS operators using Siemens SIRIUS 3RK3 MSS or SIRIUS Safety Relays 3SK2, plant engineers, industrial network administrators, and system integrators responsible for PROFINET-connected safety systems.
Technical summary
CISA’s CSAF advisory describes a network-exposed plaintext communication problem in the affected Siemens SIRIUS products. The reported CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N, indicating remote network exposure with no privileges required, but requiring user interaction. The impact is confidentiality loss: an attacker who can access the network path may intercept traffic and retrieve sensitive data, including obfuscated safety passwords. The advisory lists mitigation steps rather than a patch for both affected products.
Defensive priority
Medium-High. Prioritize quickly if the devices are reachable from untrusted or shared networks, especially where safety credentials or operational data could be exposed. Because the advisory reports no fix planned for the 3RK3 product and no fix available for 3SK2 at publication time, network containment is the primary defense.
Recommended defensive actions
- Isolate the PROFINET interface so it is not reachable from unauthorized systems.
- Limit physical access to affected devices to trusted personnel only.
- Segment OT networks and restrict access paths to the minimum necessary set of systems.
- Review Siemens and CISA guidance for the advisory and apply any vendor-recommended compensating controls.
- Monitor industrial network traffic for unexpected access to the affected safety-system interfaces.
Evidence notes
This debrief is based only on the supplied CISA CSAF advisory record (ICSA-25-135-13 / CVE-2025-24008) and the official Siemens advisory references included in the source corpus. Publication date context is 2025-05-13 for both the CVE and source advisory. The source states that the affected devices do not encrypt data in transit and that no fix is currently planned for SIRIUS 3RK3 MSS while no fix is currently available for SIRIUS Safety Relays 3SK2.
Official resources
- CVE-2025-24008 CVE record (CVE.org)
- CVE-2025-24008 NVD detail (NVD)
- Source item URL: cisa_csaf
Publicly disclosed by CISA and Siemens on 2025-05-13. The source corpus indicates no fix planned for SIRIUS 3RK3 MSS and no fix available for SIRIUS Safety Relays 3SK2 at the time of publication.