PatchSiren cyber security CVE debrief
CVE-2025-24812 Siemens CVE debrief
CVE-2025-24812 is a denial-of-service issue in multiple Siemens SIMATIC S7-1200 and SIPLUS S7-1200 CPU variants. The advisory says specially crafted packets sent to TCP port 102 are not processed correctly, which could interrupt device availability. Siemens remediation is to update affected products to V4.7 or later.
- Vendor
- Siemens
- Product
- SIMATIC S7-1200 CPU 1211C AC/DC/Rly (6ES7211-1BE40-0XB0)
- CVSS
- MEDIUM 6.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-02-11
- Original CVE updated
- 2025-05-06
- Advisory published
- 2025-02-11
- Advisory updated
- 2025-05-06
Who should care
OT/ICS operators, plant engineers, and security teams responsible for Siemens SIMATIC S7-1200 or SIPLUS S7-1200 controllers, especially where the devices are reachable over the network.
Technical summary
The supplied advisory describes a network-reachable flaw affecting 48 Siemens controller variants in the SIMATIC S7-1200 family and related SIPLUS models. Per the CVSS vector (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H), exploitation requires network access and low privileges, with no user interaction, and the impact is limited to availability. The vendor states that certain specially crafted packets to port 102/tcp are handled incorrectly, enabling denial of service. Siemens lists remediation as updating to V4.7 or later.
Defensive priority
Medium, with higher urgency for exposed or production controllers. The issue is not listed as known-exploited in the supplied enrichment, but it is network-triggered and can stop device availability, so affected assets should be patched on a prompt schedule.
Recommended defensive actions
- Update affected Siemens SIMATIC S7-1200 and SIPLUS S7-1200 CPU variants to V4.7 or later, per Siemens advisory 109976907 / SSA-224824.
- Verify which deployed controller models and firmware versions are present so you can confirm exposure across the full 48-product affected set.
- Limit access to TCP port 102/tcp to trusted engineering and management hosts, and keep OT networks segmented from broader IT networks.
- Follow CISA ICS recommended practices and defense-in-depth guidance for industrial control environments.
- Validate operational recovery procedures so a controller denial of service can be detected and restored quickly if disruption occurs.
Evidence notes
Source material identifies CVE-2025-24812 in CISA CSAF ICSA-25-044-01, first published on 2025-02-11 and revised on 2025-05-06 for typo fixes only. The issue affects 48 Siemens SIMATIC S7-1200 / SIPLUS S7-1200 CPU variants. The advisory description states that specially crafted packets sent to port 102/tcp are not processed correctly and could cause denial of service. The provided CVSS vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H with score 6.5.
Official resources
-
CVE-2025-24812 CVE record
CVE.org
-
CVE-2025-24812 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
Publicly disclosed in the Siemens/CISA advisory set on 2025-02-11. The supplied source shows a later 2025-05-06 revision that only corrected typos, not the issue scope.