CVE-2025-24811
Published: 11 February 2025
Description
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Security Summary
CVE-2025-24811 is a vulnerability affecting numerous models of SIMATIC S7-1200 CPUs, including the CPU 1211C AC/DC/Rly (6ES7211-1BE40-0XB0), CPU 1211C DC/DC/DC (6ES7211-1AE40-0XB0), CPU 1211C DC/DC/Rly (6ES7211-1HE40-0XB0), and similar variants up to CPU 1217C DC/DC/DC (6ES7217-1AG40-0XB0), as well as multiple SIPLUS S7-1200 CPU models such as SIPLUS CPU 1212 AC/DC/RLY (6AG1212-1BE40-2XB0) and others. These programmable logic controllers (PLCs) from Siemens do not correctly process certain specially crafted packets sent to port 80/tcp.
An unauthenticated attacker with network access to the affected device can exploit this vulnerability by sending the crafted packets, resulting in a denial-of-service condition that disrupts device operation. The issue carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) and is associated with CWE-404.
Siemens has published Security Advisory SSA-224824, available at https://cert-portal.siemens.com/productcert/html/ssa-224824.html, which provides details on mitigation and patching for this vulnerability.
Details
- CWE(s): CWE-404
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability allows unauthenticated network attackers to send crafted packets to the HTTP service on port 80. This maps to exploitation of a public-facing application (T1190) to cause a denial of service through application or system exploitation (T1499.004).