Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from Vendor (siemens) · only source for this CVE.
CVSS VectorVendor: siemens
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
5DescriptionCVE.org
A vulnerability has been identified in SIMATIC CN 4100 (All versions < V5.0). The affected application is susceptible to resource exhaustion when subjected to high volume of TCP SYN packets This could allow an attacker to render the service unavailable and cause denial-of-service conditions by overwhelming system resources.
AnalysisAI
Siemens SIMATIC CN 4100 versions prior to V5.0 can be rendered unavailable through TCP SYN flood attacks, allowing remote unauthenticated attackers to exhaust system resources and cause complete service disruption. The CVSS 4.0 score of 8.7 reflects the high availability impact (VA:H) combined with network-accessible attack vector requiring no privileges or user interaction. No active exploitation (CISA KEV) or public exploit code has been identified at time of analysis, though SYN flood techniques are well-documented and trivial to execute.
Technical ContextAI
SIMATIC CN 4100 is an industrial Ethernet communications module used in Siemens automation environments for network connectivity and protocol conversion. The vulnerability stems from CWE-770 (Allocation of Resources Without Limits or Throttling), indicating the device lacks proper rate limiting or resource quotas for handling TCP connection establishment requests. Classic SYN flood attacks exploit the TCP three-way handshake by sending massive volumes of SYN packets without completing connections, forcing the target to maintain half-open connection state in memory until timeout. Industrial control system components like the CN 4100 often prioritize deterministic performance over DDoS mitigation, making them particularly vulnerable to volumetric attacks when exposed to untrusted networks.
RemediationAI
Upgrade SIMATIC CN 4100 firmware to version V5.0 or later as specified in Siemens ProductCERT advisory SSA-032379 available at https://cert-portal.siemens.com/productcert/html/ssa-032379.html. For systems where immediate patching is not feasible, implement network-layer compensating controls: deploy stateful firewalls or industrial DMZ architectures to restrict CN 4100 access to only trusted OT network segments, preventing external or corporate network SYN flood attacks (trade-off: requires network redesign and may impact remote access capabilities). Configure upstream network infrastructure with SYN flood protection mechanisms such as SYN cookies, connection rate limiting, or dedicated DDoS mitigation appliances positioned before the CN 4100 (trade-off: adds complexity and potential points of failure; may impact legitimate high-volume automation traffic if thresholds set incorrectly). Implement network monitoring to detect abnormal SYN packet volumes targeting the device for early attack detection.
More in Simatic Cn 4100
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-29424
GHSA-45ff-x9p5-mq3g