← Back to home
ICSA-12-212-02  ·  Published 2025-06-05  ·  View on CISA ICS-CERT ↗

Siemens SIMATIC S7-400 PN CPU DoS

CVSS 7.8 HIGH

CVEs (1)

Remediations

  • Siemens has released security advisories SSA-589272 and SSA-617264 (http://www.siemens.com/corporate-technology/en/research-areas/siemens-cert-security-advisories.htm) that detail the vulnerabilities in the two SIMATIC S7-400 CPU and the recommended security practices to secure the systems.
  • Siemens provided firmware update V6.0.3CPU 412-2 PN, (http://support.automation.siemens.com/WW/view/en/45645157), CPU 414-3 PN/DP, CPU 414F-3 PN/DP, (http://support.automation.siemens.com/WW/view/en/45645228), CPU 416-3 PN/DP, CPU 416F-3 PN, (http://support.automation.siemens.com/WW/view/en/45645229). that closes the vulnerability affecting the S7-400 V6 by fixing the flawed packet processing implementation.
  • Siemens is not providing a firmware update for SIMATIC S7-400 V5 PN CPUs because this version has reached end-of-life and has been discontinued.

Affected Vendors

Siemens

Affected Products (6)

Siemens · S7-400 CPU family 6.0.1|6.0.2
Siemens · CPU 412-2 PN (6ES7412-2EK06-0AB0) vers:all/*
Siemens · CPU 414-3 PN/DP (6ES7414-3EM06-0AB0) vers:all/*
Siemens · CPU 414F-3 PN/DP (6ES7414-3FM06-0AB0) vers:all/*
Siemens · CPU 416-3 PN/DP (6ES7416-3ES06-0AB0) vers:all/*
Siemens · CPU 416F-3 PN (6ES7416-3FS06-0AB0) vers:all/*

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more