Full Report
Multiple industrial devices contain a vulnerability that could allow an attacker to cause a denial of service condition. Siemens has released new versions for several affected products and recommends updating to the latest versions. Siemens is preparing further fix versions and recommends specific countermeasures for products where fixes are not, or not yet, available.
Analysis Summary
# Vulnerability: Denial of Service in Siemens Industrial Devices
## CVE Details
- **CVE ID:** CVE-2025-40833
- **CVSS Score:** 7.5 (High) via CVSS v3.1 / 8.7 (High) via CVSS v4.0
- **CWE:** CWE-476 (NULL Pointer Dereference)
## Affected Systems
- **IE/PB LINK HA:** All versions
- **IE/PB Link PN IO (including SIPLUS NET variants):** All versions
- **SCALANCE M-800 Family:** Versions prior to V8.3 (M804PB, M812-1, M816-1)
- **RUGGEDCOM RM1224 Family:** Versions prior to V8.3
- **Other affected series (per summary):** SIMATIC S7-400, SIMIT Unit, SINUMERIK CNC, SITOP PSU8600/UPS1600, SINAMICS converters, and SIMATIC ET 200SP HA.
## Vulnerability Description
The affected industrial devices contain a **NULL pointer dereference** vulnerability within the network stack. The flaw is triggered when the device processes specially crafted **IPv4 requests**. Because the software does not check a pointer for NULL before dereferencing it, the crafted traffic causes a system crash or kernel panic.
## Exploitation
- **Status:** Not exploited (the advisory reports no active exploitation in the wild and provides no public PoC).
- **Complexity:** Low
- **Attack Vector:** Network (Remote)
## Impact
- **Confidentiality:** None
- **Integrity:** None
- **Availability:** High (The device enters a Denial of Service state and requires a **manual restart** to recover).
## Remediation
### Patches
Siemens recommends updating to the following versions where available:
- **SCALANCE M-800 Family:** Update to V8.3 or later.
- **RUGGEDCOM RM1224 Family:** Update to V8.3 or later.
- **Other Products:** Siemens is preparing further fix versions. Users should monitor the Siemens ProductCERT portal for updates.
### Workarounds
For products where no fix is currently planned (e.g., IE/PB LINK HA) or where a fix is not yet available:
- Restrict network access to affected devices to trusted IP addresses only.
- Minimize exposure of industrial devices to the internet.
- Implement defense-in-depth strategies and segment the network (e.g., following IEC 62443).
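The first workaround, restricting reachability of the affected devices to trusted addresses, is easy to state and easy to get wrong in a first-match ACL. The script below is an added example, not code from the Siemens advisory: it evaluates a rule set the way a typical first-match firewall or router ACL would and reports any untrusted source that can still reach an affected device, as well as any trusted source that a too-strict rule set locks out. The device addresses, trusted subnet, probe sources and both rule sets are constructed sample data.

```python
"""Added example (not from the Siemens advisory): audit a first-match IPv4
ACL so that affected devices are reachable only from trusted addresses."""
import ipaddress
from typing import Dict, List, Tuple

# A rule is (source network, destination network, action), evaluated
# first-match; anything that matches no rule is implicitly denied.
Rule = Tuple[str, str, str]

# Constructed sample data: two affected devices on a cell network and an
# engineering-station subnet that legitimately needs to reach them.
AFFECTED_DEVICES = ["10.10.1.20", "10.10.1.21"]
TRUSTED_SOURCES = ["10.10.5.0/24"]

# Weak policy: any source may reach the cell network.
ACL_WEAK: List[Rule] = [
    ("0.0.0.0/0", "10.10.1.0/24", "allow"),
]
# Hardened policy: trusted subnet only, explicit deny for everything else.
ACL_HARDENED: List[Rule] = [
    ("10.10.5.0/24", "10.10.1.0/24", "allow"),
    ("0.0.0.0/0", "10.10.1.0/24", "deny"),
]


def evaluate(rules: List[Rule], src: str, dst: str) -> str:
    """Return the action the first matching rule takes for src -> dst."""
    s = ipaddress.ip_address(src)
    d = ipaddress.ip_address(dst)
    for src_net, dst_net, action in rules:
        if s in ipaddress.ip_network(src_net) and d in ipaddress.ip_network(dst_net):
            return action
    return "deny"  # implicit default deny


def audit(rules: List[Rule], devices: List[str], trusted: List[str],
          probe_sources: List[str]) -> Dict[str, List[Tuple[str, str]]]:
    """Check the policy from both sides: 'exposed' lists untrusted sources
    that are allowed to reach a device; 'blocked_trusted' lists trusted
    sources that the policy wrongly denies."""
    trusted_nets = [ipaddress.ip_network(t) for t in trusted]
    result: Dict[str, List[Tuple[str, str]]] = {"exposed": [], "blocked_trusted": []}
    for src in probe_sources:
        is_trusted = any(ipaddress.ip_address(src) in n for n in trusted_nets)
        for dev in devices:
            action = evaluate(rules, src, dev)
            if is_trusted and action != "allow":
                result["blocked_trusted"].append((src, dev))
            if not is_trusted and action == "allow":
                result["exposed"].append((src, dev))
    return result


# Constructed probe sources: one trusted host, one Internet host, one host
# on an unrelated internal subnet.
PROBE_SOURCES = ["10.10.5.7", "192.0.2.44", "10.10.9.3"]

if __name__ == "__main__":
    for name, acl in (("weak", ACL_WEAK), ("hardened", ACL_HARDENED)):
        print(name, audit(acl, AFFECTED_DEVICES, TRUSTED_SOURCES, PROBE_SOURCES))
```

Running the audit against the weak policy reports every untrusted probe source as able to reach both devices; against the hardened policy it reports nothing exposed and confirms the engineering subnet still gets through. Feed it the real rule base and device inventory rather than the constructed values when applying it to a plant network.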
## Detection
- **Indicators of Compromise:** Unexpected device reboots or loss of communication following anomalous IPv4 traffic.
- **Detection Methods:** Monitor network traffic for malformed or non-standard IPv4 packets targeting the management or control interfaces of industrial hardware.
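The detection method above asks for monitoring of malformed IPv4 packets aimed at the affected devices. The following is an added example, not code from the Siemens advisory: a minimal IPv4 header sanity check of the kind an IDS rule or a capture-review script would apply, restricted to traffic whose destination is one of the affected devices. The advisory does not describe the specific crafted request, so the check flags generic header inconsistencies (bad version, IHL below the minimum, total length disagreeing with the bytes on the wire, checksum mismatch, truncation). The device addresses and the sample packets are constructed.

```python
"""Added example (not from the Siemens advisory): flag IPv4 packets with
inconsistent headers that are destined for affected devices."""
import ipaddress
import struct
from typing import List, Tuple

# Constructed: addresses of affected devices on a cell network.
AFFECTED_DEVICES = {"10.10.1.20", "10.10.1.21"}


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 one's-complement checksum; returns 0 for an intact header."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def check_ipv4(packet: bytes) -> List[str]:
    """Return the header inconsistencies found in one raw IPv4 packet
    (an empty list means the header looks well-formed)."""
    issues: List[str] = []
    if len(packet) < 20:
        return ["truncated: shorter than the 20-byte minimum header"]
    version = packet[0] >> 4
    ihl = (packet[0] & 0x0F) * 4
    total_len = struct.unpack("!H", packet[2:4])[0]
    if version != 4:
        issues.append(f"version field is {version}, not 4")
    if ihl < 20:
        issues.append(f"IHL {ihl} bytes is below the 20-byte minimum")
    elif ihl > len(packet):
        issues.append("IHL exceeds captured length")
    if total_len < ihl:
        issues.append("total length smaller than header length")
    if total_len > len(packet):
        issues.append("total length exceeds captured length")
    if 20 <= ihl <= len(packet) and ipv4_checksum(packet[:ihl]) != 0:
        issues.append("header checksum mismatch")
    return issues


def destination(packet: bytes) -> str:
    """Destination address from the fixed header, or 'unknown' if truncated."""
    return str(ipaddress.IPv4Address(packet[16:20])) if len(packet) >= 20 else "unknown"


def scan(packets: List[bytes], affected=AFFECTED_DEVICES) -> List[Tuple[str, List[str]]]:
    """Report (destination, issues) for malformed packets aimed at affected
    devices; a truncated packet has no readable destination and is kept."""
    findings = []
    for pkt in packets:
        issues = check_ipv4(pkt)
        dst = destination(pkt)
        if issues and (dst in affected or dst == "unknown"):
            findings.append((dst, issues))
    return findings


# Constructed sample packets (20-byte headers only).
# Well-formed: version 4, IHL 5, total length 20, TTL 64, protocol 17,
# valid checksum 0x60aa, src 10.10.5.7 -> dst 10.10.1.20.
GOOD = bytes.fromhex("4500001400010000401160aa0a0a05070a0a0114")
# IHL set to 2 words (8 bytes), below the minimum header size.
BAD_IHL = bytes([0x42]) + GOOD[1:]
# Total length 65535, larger than what was captured, sent to 10.10.1.21
# (the checksum no longer matches either).
BAD_LEN = GOOD[:2] + b"\xff\xff" + GOOD[4:16] + bytes([10, 10, 1, 21])
# The same malformed header aimed at a host that is not an affected device.
BAD_LEN_OTHER = BAD_LEN[:16] + bytes([10, 10, 2, 9])
# Only 12 bytes captured.
SHORT = GOOD[:12]

SAMPLE = [GOOD, BAD_IHL, BAD_LEN, BAD_LEN_OTHER, SHORT]

if __name__ == "__main__":
    for dst, issues in scan(SAMPLE):
        print(f"ALERT dst={dst}: {'; '.join(issues)}")
```

In a capture-review workflow the packet bytes would come from a pcap of the cell network rather than the constructed list; correlate any alert with the other indicator the advisory names, an unexpected reboot or loss of communication of the device at that destination address.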
## References
- Siemens Security Advisory SSA-392349: hxxps://cert-portal[.]siemens[.]com/productcert/html/ssa-392349[.]html
- Siemens ProductCERT: hxxps://www[.]siemens[.]com/cert/advisories
- Firmware Download Link: hxxps://support[.]industry[.]siemens[.]com/cs/ww/en/view/109989310/