Full Report
MS/TP Point Pickup Module devices are affected by a denial of service vulnerability that can be triggered by an attacker on the same BACnet network by sending a specially crafted MS/TP message. A power cycle is required to restore the device’s normal operation. Siemens recommends countermeasures for products where fixes are not, or not yet, available.
Analysis Summary
# Vulnerability: Denial of Service in Siemens MS/TP Point Pickup Module via Crafted MSTP Message
## CVE Details
- CVE ID: CVE-2025-24510
- CVSS Score: 7.1 (High) based on v4.0; 6.5 (Medium) based on v3.1
- CWE: CWE-20: Improper Input Validation
## Affected Systems
- Products: MS/TP Point Pickup Module
- Versions: All versions
- Configurations: Device must be reachable on the same BACnet network.
## Vulnerability Description
Affected devices improperly handle specific incoming BACnet MS/TP messages. An attacker on the same BACnet network can send a specially crafted MS/TP message that causes the targeted device to enter a denial of service (DoS) state; a physical power cycle is required to restore normal operation. The underlying weakness is improper input validation of received messages.
## Exploitation
- Status: Exploitation in the wild is not stated, but the vulnerability details are public. No official PoC availability is mentioned.
- Complexity: Low (CVSS AC:L)
- Attack Vector: Adjacent (Requires presence on the same BACnet network)
## Impact
- Confidentiality: No Impact (N)
- Integrity: No Impact (N)
- Availability: High Impact (H - Device becomes unresponsive, requiring power cycle)
## Remediation
### Patches
- Currently no fix is planned for this vulnerability.
### Workarounds
- Follow the General Security Recommendations provided by Siemens.
- **Mitigation Strategy:** Protect network access to affected products with appropriate mechanisms (e.g., network segmentation, access controls). Run the devices in a protected IT environment.
## Detection
- **Indicators of Compromise:** Unexpected device unavailability or failure requiring a physical power cycle.
- **Detection methods and tools:** Monitoring BACnet network traffic for unusual or malformed MSTP messages targeting these devices (Advanced network traffic analysis required).
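The advisory does not describe the crafted message, so the only frame-level check a monitor can make is the one a conforming receiver makes: does each captured MS/TP frame satisfy the framing rules of ASHRAE 135 Clause 9 (preamble, header CRC, length bounds, source address range, data CRC)? The following is an added example, not code from Siemens or the advisory, of an offline validator for frames captured from the RS-485 bus (for instance with a serial tap); the CRC step functions follow the reference algorithms in ASHRAE 135 Annex G, the sample frames and the NPDU bytes inside them are constructed for this example, and the frame names, function names and the per-source counter are this example's own.

```python
"""Offline BACnet MS/TP frame validator for monitoring captured bus traffic.

Added example, not part of the Siemens advisory. Flags frames that a
conforming MS/TP receiver would reject or that fall outside the framing
rules of ASHRAE 135 Clause 9. Sample frames below are constructed.
"""
from typing import Dict, List, Tuple

PREAMBLE = b"\x55\xff"
MAX_DATA_LEN = 501            # largest data field of a standard MS/TP frame
CONTROL_FRAMES = {0: "Token", 1: "Poll For Master",
                  2: "Reply To Poll For Master", 7: "Reply Postponed"}


def crc8_header(crc: int, octet: int) -> int:
    """One step of the header CRC (x^8 + x^7 + 1), as in ASHRAE 135 Annex G."""
    c = crc ^ octet
    c = c ^ (c << 1) ^ (c << 2) ^ (c << 3) ^ (c << 4) ^ (c << 5) ^ (c << 6) ^ (c << 7)
    return (c & 0xFE) ^ ((c >> 8) & 1)


def crc16_data(crc: int, octet: int) -> int:
    """One step of the data CRC (CRC-CCITT, reflected), as in ASHRAE 135 Annex G."""
    low = (crc & 0xFF) ^ octet
    return ((crc >> 8) ^ (low << 8) ^ (low << 3) ^ (low << 12)
            ^ (low >> 4) ^ (low & 0x0F) ^ ((low & 0x0F) << 7)) & 0xFFFF


def header_crc(frame_type: int, dst: int, src: int, length: int) -> int:
    """Header CRC octet as transmitted: ones' complement of the running CRC."""
    crc = 0xFF
    for b in (frame_type, dst, src, length >> 8, length & 0xFF):
        crc = crc8_header(crc, b)
    return (~crc) & 0xFF


def data_crc(data: bytes) -> int:
    """16-bit data CRC as transmitted (ones' complement, sent LSB first)."""
    crc = 0xFFFF
    for b in data:
        crc = crc16_data(crc, b)
    return (~crc) & 0xFFFF


def build_frame(frame_type: int, dst: int, src: int, data: bytes = b"") -> bytes:
    """Encode a standard MS/TP frame; used here only to construct samples."""
    n = len(data)
    frame = PREAMBLE + bytes([frame_type, dst, src, n >> 8, n & 0xFF,
                              header_crc(frame_type, dst, src, n)])
    if data:
        crc = data_crc(data)
        frame += data + bytes([crc & 0xFF, crc >> 8])
    return frame


def validate_frame(frame: bytes) -> List[str]:
    """Return the framing-rule violations for one frame; [] means well-formed.

    The standard describes the CRC checks as residual checks on the receiver;
    here the expected complement is recomputed and compared directly.
    """
    problems: List[str] = []
    if len(frame) < 8:
        return ["truncated: shorter than the 8-octet header"]
    if frame[:2] != PREAMBLE:
        problems.append("bad preamble")
    ftype, dst, src = frame[2], frame[3], frame[4]
    length = (frame[5] << 8) | frame[6]
    if header_crc(ftype, dst, src, length) != frame[7]:
        problems.append("header CRC mismatch")
    if 8 <= ftype <= 127:
        problems.append(f"reserved frame type {ftype}")
    if src > 127:                      # only 0-127 may transmit; 255 is broadcast dst only
        problems.append(f"illegal source address {src}")
    if length > MAX_DATA_LEN:
        problems.append(f"data length {length} exceeds {MAX_DATA_LEN}")
    if ftype in CONTROL_FRAMES and length != 0:
        problems.append(f"{CONTROL_FRAMES[ftype]} frame with non-zero length")
    if length:
        expected = 8 + length + 2
        if len(frame) < expected:
            problems.append(f"truncated: {len(frame)} octets, expected at least {expected}")
        else:
            received = frame[8 + length] | (frame[9 + length] << 8)
            if data_crc(frame[8:8 + length]) != received:
                problems.append("data CRC mismatch")
    return problems


def scan(frames: List[bytes]) -> List[Tuple[int, List[str]]]:
    """(frame index, problems) for every malformed frame in a capture."""
    return [(i, p) for i, f in enumerate(frames) if (p := validate_frame(f))]


def malformed_by_source(frames: List[bytes]) -> Dict[int, int]:
    """Count malformed frames per claimed source address (a burst from one
    address shortly before a device stops answering is worth investigating)."""
    counts: Dict[int, int] = {}
    for f in frames:
        if len(f) >= 5 and validate_frame(f):
            counts[f[4]] = counts.get(f[4], 0) + 1
    return counts


# Constructed sample capture (example data, not from the advisory).
GOOD_TOKEN = build_frame(0, 0x05, 0x01)
GOOD_DATA = build_frame(6, 0x05, 0x01, bytes.fromhex("0104000a"))
_corrupt = bytearray(GOOD_DATA)
_corrupt[9] ^= 0x01                                # data octet flipped, CRC left stale
BAD_CRC = bytes(_corrupt)
OVERSIZED = PREAMBLE + bytes([6, 0x05, 0x01, 0x02, 0x00,
                              header_crc(6, 0x05, 0x01, 0x200)])  # claims 512 octets
BAD_SRC = build_frame(5, 0x05, 0xC8, b"\x01")      # source 200 is outside 0-127
SAMPLE_CAPTURE = [GOOD_TOKEN, GOOD_DATA, BAD_CRC, OVERSIZED, BAD_SRC]

if __name__ == "__main__":
    for index, problems in scan(SAMPLE_CAPTURE):
        print(f"frame {index}: {', '.join(problems)}")
    print("malformed frames per source:", malformed_by_source(SAMPLE_CAPTURE))
```

The validator only reports what the MS/TP framing rules can decide; a frame that passes every check may still be the crafted message the advisory refers to, so the useful operational signal is the combination of any malformed-frame count per source with the device becoming unresponsive, correlated against the segmentation and access controls recommended above.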
## References
- Siemens Advisory: SSA-668154 (published 2025-05-13)
- Siemens ProductCERT Advisories: hxxps://www.siemens.com/cert/advisories
- Terms of Use: hxxps://www.siemens.com/productcert/terms-of-use