CVE-2025-40820

Description

Affected products do not properly enforce TCP sequence number validation in specific scenarios but accept values within a broad range. This could allow an unauthenticated remote attacker e.g. to interfere with connection setup, potentially leading to a denial of service. The attack succeeds only if an attacker can inject IP packets with spoofed addresses at precisely timed moments, and it affects only TCP-based services.

CVSS breakdown

Affected products

• Siemens / SIDOOR ATD430W0 – *
• Siemens / SIDOOR ATE530G COATED0 – *
• Siemens / SIDOOR ATE530S COATED0 – *
• Siemens / SIMATIC CFU DIQ0 – V2.0.0
• Siemens / SIMATIC CFU PA0 – V2.0.0
• Siemens / SIMATIC ET 200AL IM 157-1 PN0 – *
• Siemens / SIMATIC ET 200clean, CM 8x IO-Link0 – *
• Siemens / SIMATIC ET 200clean, DI 16x24VDC0 – *
• Siemens / SIMATIC ET 200clean, DIQ 16x24VDC/0,5A0 – *
• Siemens / SIMATIC ET 200eco PN, AI 8xRTD/TC, M12-LV5.1.1 – *
• Siemens / SIMATIC ET 200eco PN, CM 4x IO-Link, M12-LV5.1.1 – *
• Siemens / SIMATIC ET 200eco PN, CM 8x IO-Link, M12-LV5.1.1 – *
• Siemens / SIMATIC ET 200eco PN, DI 16x24VDC, M12-LV5.1.1 – *
• Siemens / SIMATIC ET 200eco PN, DI 8x24VDC, M12-LV5.1.1 – *
• Siemens / SIMATIC ET 200eco PN, DIQ 16x24VDC/2A, M12-LV5.1.1 – *
• Siemens / SIMATIC ET 200eco PN, DQ 8x24VDC/0,5A, M12-LV5.1.1 – *
• Siemens / SIMATIC ET 200eco PN, DQ 8x24VDC/2A, M12-LV5.1.1 – *
• Siemens / SIMATIC ET 200MP IM 155-5 PN HFV4.2.0 – *
• Siemens / SIMATIC ET 200pro IM 154-8F PN/DP CPU0 – *
• Siemens / SIMATIC ET 200pro IM 154-8FX PN/DP CPU0 – *
• Siemens / SIMATIC ET 200pro IM 154-8 PN/DP CPU0 – *
• Siemens / SIMATIC ET 200S IM 151-8F PN/DP CPU0 – *
• Siemens / SIMATIC ET 200S IM 151-8 PN/DP CPU0 – *
• Siemens / SIMATIC ET 200SP CPU 1510SP-1 PN0 – *
• Siemens / SIMATIC ET 200SP CPU 1510SP F-1 PN0 – *
• Siemens / SIMATIC ET 200SP CPU 1512SP-1 PN0 – *
• Siemens / SIMATIC ET 200SP CPU 1512SP F-1 PN0 – *
• Siemens / SIMATIC ET 200SP IM 155-6 MF HF0 – *
• Siemens / SIMATIC ET 200SP IM 155-6 PN/2 HFV4.2.0 – *
• Siemens / SIMATIC ET 200SP IM 155-6 PN/3 HFV4.2.0 – *
• Siemens / SIMATIC ET 200SP IM 155-6 PN HA (incl. SIPLUS variants)0 – V1.3
• Siemens / SIMATIC ET 200SP IM 155-6 PN HFV4.2.0 – *
• Siemens / SIMATIC PN/MF Coupler0 – *
• Siemens / SIMATIC PN/PN Coupler0 – V6.0.0
• Siemens / SIMATIC Power Line Booster PLB, Base Module0 – *
• Siemens / SIMATIC Power Line Booster PLB, Modem Module ST0 – *
• Siemens / SIMATIC S7-1200 CPU 1211C AC/DC/Rly0 – V4.4.0
• Siemens / SIMATIC S7-1200 CPU 1211C DC/DC/DC0 – V4.4.0
• Siemens / SIMATIC S7-1200 CPU 1211C DC/DC/Rly0 – V4.4.0
• Siemens / SIMATIC S7-1200 CPU 1212C AC/DC/Rly0 – V4.4.0
• Siemens / SIMATIC S7-1200 CPU 1212C DC/DC/DC0 – V4.4.0
• Siemens / SIMATIC S7-1200 CPU 1212C DC/DC/Rly0 – V4.4.0
• Siemens / SIMATIC S7-1200 CPU 1212FC DC/DC/DC0 – V4.4.0
• Siemens / SIMATIC S7-1200 CPU 1212FC DC/DC/Rly0 – V4.4.0
• Siemens / SIMATIC S7-1200 CPU 1214C AC/DC/Rly0 – V4.4.0
• Siemens / SIMATIC S7-1200 CPU 1214C DC/DC/DC0 – V4.4.0
• Siemens / SIMATIC S7-1200 CPU 1214C DC/DC/Rly0 – V4.4.0
• Siemens / SIMATIC S7-1200 CPU 1214FC DC/DC/DC0 – V4.4.0
• Siemens / SIMATIC S7-1200 CPU 1214FC DC/DC/Rly0 – V4.4.0
• Siemens / SIMATIC S7-1200 CPU 1215C AC/DC/Rly0 – V4.4.0
• Siemens / SIMATIC S7-1200 CPU 1215C DC/DC/DC0 – V4.4.0
• Siemens / SIMATIC S7-1200 CPU 1215C DC/DC/Rly0 – V4.4.0
• Siemens / SIMATIC S7-1200 CPU 1215FC DC/DC/DC0 – V4.4.0
• Siemens / SIMATIC S7-1200 CPU 1215FC DC/DC/Rly0 – V4.4.0
• Siemens / SIMATIC S7-1200 CPU 1217C DC/DC/DC0 – V4.4.0
• Siemens / SIMATIC S7-1500 CPU 1511-1 PN0 – *
• Siemens / SIMATIC S7-1500 CPU 1511F-1 PN0 – *
• Siemens / SIMATIC S7-1500 CPU 1513-1 PN0 – *
• Siemens / SIMATIC S7-1500 CPU 1513F-1 PN0 – *
• Siemens / SIMATIC S7-1500 CPU 1515-2 PN0 – *
• Siemens / SIMATIC S7-1500 CPU 1515F-2 PN0 – *
• Siemens / SIMATIC S7-1500 CPU 1516-3 PN/DP0 – *
• Siemens / SIMATIC S7-1500 CPU 1516F-3 PN/DP0 – *
• Siemens / SIMATIC S7-200 SMART CPU CR400 – *
• Siemens / SIMATIC S7-200 SMART CPU CR600 – *
• Siemens / SIMATIC S7-200 SMART CPU SR200 – *
• Siemens / SIMATIC S7-200 SMART CPU SR300 – *
• Siemens / SIMATIC S7-200 SMART CPU SR400 – *
• Siemens / SIMATIC S7-200 SMART CPU SR600 – *
• Siemens / SIMATIC S7-200 SMART CPU ST200 – *
• Siemens / SIMATIC S7-200 SMART CPU ST300 – *
• Siemens / SIMATIC S7-200 SMART CPU ST400 – *
• Siemens / SIMATIC S7-200 SMART CPU ST600 – *
• Siemens / SIMATIC S7-300 CPU 314C-2 PN/DP0 – *
• Siemens / SIMATIC S7-300 CPU 315-2 PN/DP0 – *
• Siemens / SIMATIC S7-300 CPU 315F-2 PN/DP0 – *
• Siemens / SIMATIC S7-300 CPU 315T-3 PN/DP0 – *
• Siemens / SIMATIC S7-300 CPU 317-2 PN/DP0 – *
• Siemens / SIMATIC S7-300 CPU 317F-2 PN/DP0 – *
• Siemens / SIMATIC S7-300 CPU 317T-3 PN/DP0 – *
• Siemens / SIMATIC S7-300 CPU 317TF-3 PN/DP0 – *
• Siemens / SIMATIC S7-300 CPU 319-3 PN/DP0 – *
• Siemens / SIMATIC S7-300 CPU 319F-3 PN/DP0 – *
• Siemens / SIMATIC S7-400 CPU 412-2 PN V70 – *
• Siemens / SIMATIC S7-400 CPU 414-3 PN/DP V70 – *
• Siemens / SIMATIC S7-400 CPU 414F-3 PN/DP V70 – *
• Siemens / SIMATIC S7-400 CPU 416-3 PN/DP V70 – *
• Siemens / SIMATIC S7-400 CPU 416F-3 PN/DP V70 – *
• Siemens / SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants)0 – *
• Siemens / SIMATIC S7-410 V10 CPU family (incl. SIPLUS variants)0 – V10.2
• Siemens / SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants)0 – V8.3
• Siemens / SIMATIC TDC CP51M10 – *
• Siemens / SIMATIC TDC CPU5550 – *
• Siemens / SIMOCODE pro V Ethernet/IP (incl. SIPLUS variants)0 – *
• Siemens / SIMOCODE pro V PROFINET0 – *
• Siemens / SINUMERIK 840D sl0 – *
• Siemens / SIPLUS ET 200MP IM 155-5 PN HFV4.2.0 – *
• Siemens / SIPLUS ET 200MP IM 155-5 PN HF T1 RAILV4.2.0 – *
• Siemens / SIPLUS ET 200S IM 151-8F PN/DP CPU0 – *
• Siemens / SIPLUS ET 200S IM 151-8 PN/DP CPU0 – *
• Siemens / SIPLUS ET 200SP CPU 1512SP F-1 PN0 – *
• Siemens / SIPLUS ET 200SP IM 155-6 PN HFV4.2.0 – *
• Siemens / SIPLUS ET 200SP IM 155-6 PN HF T1 RAILV4.2.0 – *
• Siemens / SIPLUS ET 200SP IM 155-6 PN HF TX RAILV4.2.0 – *
• Siemens / SIPLUS HCS4200 CIM42100 – *
• Siemens / SIPLUS HCS4200 CIM4210C0 – *
• Siemens / SIPLUS HCS4300 CIM43100 – *
• Siemens / SIPLUS NET PN/PN Coupler0 – V6.0.0
• Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY0 – V4.4.0
• Siemens / SIPLUS S7-1200 CPU 1212C AC/DC/RLY0 – V4.4.0
• Siemens / SIPLUS S7-1200 CPU 1212C DC/DC/DC0 – V4.4.0
• Siemens / SIPLUS S7-1200 CPU 1212C DC/DC/DC RAIL0 – V4.4.0
• Siemens / SIPLUS S7-1200 CPU 1212 DC/DC/RLY0 – V4.4.0
• Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY0 – V4.4.0
• Siemens / SIPLUS S7-1200 CPU 1214C AC/DC/RLY0 – V4.4.0
• Siemens / SIPLUS S7-1200 CPU 1214C DC/DC/DC0 – V4.4.0
• Siemens / SIPLUS S7-1200 CPU 1214C DC/DC/DC RAIL0 – V4.4.0
• Siemens / SIPLUS S7-1200 CPU 1214C DC/DC/RLY0 – V4.4.0
• Siemens / SIPLUS S7-1200 CPU 1214 DC/DC/RLY0 – V4.4.0
• Siemens / SIPLUS S7-1200 CPU 1214FC DC/DC/DC0 – V4.4.0
• Siemens / SIPLUS S7-1200 CPU 1214FC DC/DC/RLY0 – V4.4.0
• Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY0 – V4.4.0
• Siemens / SIPLUS S7-1200 CPU 1215C AC/DC/RLY0 – V4.4.0
• Siemens / SIPLUS S7-1200 CPU 1215C DC/DC/DC0 – V4.4.0
• Siemens / SIPLUS S7-1200 CPU 1215 DC/DC/DC0 – V4.4.0
• Siemens / SIPLUS S7-1200 CPU 1215 DC/DC/RLY0 – V4.4.0
• Siemens / SIPLUS S7-1200 CPU 1215FC DC/DC/DC0 – V4.4.0
• Siemens / SIPLUS S7-1500 CPU 1511-1 PN0 – *
• Siemens / SIPLUS S7-1500 CPU 1511F-1 PN0 – *
• Siemens / SIPLUS S7-1500 CPU 1513-1 PN0 – *
• Siemens / SIPLUS S7-1500 CPU 1513F-1 PN0 – *
• Siemens / SIPLUS S7-1500 CPU 1516-3 PN/DP0 – *
• Siemens / SIPLUS S7-1500 CPU 1516F-3 PN/DP0 – *
• Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP0 – *
• Siemens / SIPLUS S7-300 CPU 315-2 PN/DP0 – *
• Siemens / SIPLUS S7-300 CPU 315F-2 PN/DP0 – *
• Siemens / SIPLUS S7-300 CPU 317-2 PN/DP0 – *
• Siemens / SIPLUS S7-300 CPU 317F-2 PN/DP0 – *
• Siemens / SIPLUS S7-400 CPU 414-3 PN/DP V70 – *
• Siemens / SIPLUS S7-400 CPU 416-3 PN/DP V70 – *
• Siemens / SIWAREX WP2310 – *
• Siemens / SIWAREX WP2410 – *
• Siemens / SIWAREX WP2510 – *
• Siemens / SIWAREX WP521 ST0 – *
• Siemens / SIWAREX WP522 ST0 – *

References

• MISChttps://cert-portal.siemens.com/productcert/html/ssa-915282.html