Full Report
The SIMATIC S7-1200 CPU family before V4.7 is affected by two denial of service vulnerabilities. Siemens has released new versions for the affected products and recommends updating to the latest versions.
Analysis Summary
# Vulnerability: Denial of Service in SIMATIC S7-1200 CPUs
## CVE Details
- CVE ID: CVE-2025-24811, CVE-2025-24812
- CVSS Score: 7.5 (CVSS v3.1 High) / 8.7 (CVSS v4.0 High) for CVE-2025-24811; 6.5 (CVSS v3.1 Medium) / 7.1 (CVSS v4.0 Medium) for CVE-2025-24812
- CWE: CWE-404 (Improper Resource Shutdown or Release) for CVE-2025-24811; CWE-1286 (Improper Validation of Syntactic Correctness of Input) for CVE-2025-24812
## Affected Systems
- Products: SIMATIC S7-1200 CPU family (including SIPLUS variants), specifically CPU 1211C (AC/DC/Rly, DC/DC/DC, DC/DC/Rly) and CPU 1212C/1212FC models (the part numbers are listed in the advisory).
- Versions: All versions prior to Version V4.7.
- Configurations: N/A; affected status is determined by firmware version alone.
## Vulnerability Description
This advisory covers two separate Denial of Service (DoS) vulnerabilities:
1. **CVE-2025-24811:** Affected devices do not correctly process certain specially crafted packets sent specifically to TCP Port 80. Successful exploitation may cause a denial of service condition. (CWE-404)
2. **CVE-2025-24812:** Affected devices do not correctly process certain specially crafted packets sent specifically to TCP Port 102. Successful exploitation may cause a denial of service condition. (CWE-1286)
## Exploitation
- Status: Exploitation status is not explicitly stated in the summary available here; the full vendor advisory may contain further detail. Given the network vector and low attack complexity, assume the risk is present.
- Complexity: Low (AC:L for both CVEs, indicating low attack complexity).
- Attack Vector: Network (AV:N for both CVEs).
## Impact
- Confidentiality: No Impact (C:N for both CVEs)
- Integrity: No Impact (I:N for both CVEs)
- Availability: High Impact (A:H for both CVEs)
## Remediation
### Patches
- Update affected SIMATIC S7-1200 CPU firmware to **Version V4.7 or later**.
### Workarounds
- No specific workarounds or compensating controls beyond the update recommendation are detailed in the summary available here; consult the full vendor advisory. General mitigations for industrial control systems include network segmentation and restricting access to the affected management ports (80/tcp and 102/tcp) to trusted hosts only.
## Detection
- Detection methods rely on monitoring network traffic targeted at the control device on TCP ports 80 and 102 for malformed or unexpected packets.
- Indicators of Compromise (IOCs): Device crashes or restarts correlated with network activity on TCP/80 or TCP/102.
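The detection approach above, as an added example that is not part of the advisory: a small Python correlation over constructed firewall flow records and PLC event-log lines. It flags traffic on TCP/80 or TCP/102 from hosts outside an assumed allow-list, and restarts of the PLC preceded by such traffic within a short window. The log formats, the PLC address and the engineering-workstation address are all assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample data (not from the advisory): flow records from a
# firewall in front of the PLC, and event-log lines emitted by the PLC.
FLOW_LOG = """\
2025-03-11T10:13:40Z src=10.0.5.7 dst=10.0.9.10 dport=102 proto=tcp
2025-03-11T10:14:02Z src=10.0.5.23 dst=10.0.9.10 dport=102 proto=tcp
2025-03-11T10:14:03Z src=10.0.5.23 dst=10.0.9.10 dport=80 proto=tcp
2025-03-11T10:20:15Z src=10.0.5.7 dst=10.0.9.10 dport=102 proto=tcp
"""
EVENT_LOG = """\
2025-03-11T10:14:05Z plc=10.0.9.10 event=restart
2025-03-11T11:30:00Z plc=10.0.9.10 event=restart
"""
WATCHED_PORTS = {80, 102}          # ports named in the advisory
ALLOWED_SOURCES = {"10.0.5.7"}     # assumed engineering workstation

FLOW_RE = re.compile(r"(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)")
EVENT_RE = re.compile(r"(?P<ts>\S+) plc=(?P<plc>\S+) event=restart")

def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")

def parse_flows(text):
    """Return (timestamp, src, dst, port) for flows to the watched ports."""
    flows = []
    for m in FLOW_RE.finditer(text):
        port = int(m["dport"])
        if port in WATCHED_PORTS:
            flows.append((parse_ts(m["ts"]), m["src"], m["dst"], port))
    return flows

def correlate(flow_text, event_text, window=timedelta(seconds=60)):
    flows = parse_flows(flow_text)
    alerts = []
    # Any host outside the allow-list reaching 80/102 is worth a ticket on its own.
    for ts, src, dst, port in flows:
        if src not in ALLOWED_SOURCES:
            alerts.append({"type": "unexpected_source", "src": src,
                           "dst": dst, "port": port, "ts": ts})
    # A restart shortly after traffic on 80/102 matches the DoS indicator.
    for m in EVENT_RE.finditer(event_text):
        t = parse_ts(m["ts"])
        prior = [f for f in flows if f[2] == m["plc"] and t - window <= f[0] <= t]
        if prior:
            alerts.append({"type": "restart_after_traffic", "plc": m["plc"],
                           "ts": t, "sources": sorted({f[1] for f in prior})})
    return alerts
```

In the sample data, the two connections from 10.0.5.23 raise unexpected-source alerts and the 10:14:05 restart is attributed to the traffic in the preceding minute, while the 11:30:00 restart has no correlated traffic and is left for other investigation.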
## References
- Vendor Advisories: SSA-224824
- Patch Download/Information: hxxps://support.industry.siemens.com/cs/ww/en/view/109976907/
- General Security Information: hxxps://www.siemens.com/industrialsecurity