Skip to main content

SIMATIC S7-PLCSIM Advanced CVE-2026-54429

| EUVDEUVD-2026-43649 MEDIUM
Allocation of Resources Without Limits or Throttling (CWE-770)
2026-07-14 siemens GHSA-xhg3-q2f6-w8cg
6.0
CVSS 4.0 · Vendor: siemens
Share

Severity by source

Vendor (siemens) PRIMARY
6.0 HIGH
CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
6.5 MEDIUM

Adjacent unauthenticated flood (AV:A/PR:N); impact confined to the crashing application which restarts with no data loss, so S:U and only A:H.

3.1 AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
4.0 AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (siemens).

CVSS VectorVendor: siemens

CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

4
Severity Changed
Jul 14, 2026 - 10:22 NVD
HIGH MEDIUM
CVSS changed
Jul 14, 2026 - 10:22 NVD
7.4 (HIGH) 6.0 (MEDIUM)
Analysis Generated
Jul 14, 2026 - 10:16 vuln.today
CVE Published
Jul 14, 2026 - 09:19 cve.org
HIGH 7.4

DescriptionCVE.org

A vulnerability has been identified in SIMATIC S7-PLCSIM Advanced (All versions). Affected devices do not properly handle high-volume multicast network traffic, which can exhaust available memory resources in the affected application. This could allow an unauthenticated attacker on the local network segment to cause a denial-of-service condition of the affected application. The affected application becomes inaccessible and requires a manual restart; no project data is lost. Successful exploitation requires a specific project configuration to be already active on the targeted instance.

AnalysisAI

Denial of service in Siemens SIMATIC S7-PLCSIM Advanced (all versions) allows an unauthenticated attacker on the same local network segment to exhaust the application's memory by flooding it with high-volume multicast traffic, rendering the PLC simulation instance inaccessible until manually restarted. Exploitation is limited to instances running a specific active project configuration, and no project data is lost. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Gain foothold on local network segment
Delivery
Identify running S7-PLCSIM Advanced instance with active project config
Exploit
Flood target with high-volume multicast traffic
Execution
Trigger unbounded memory allocation (CWE-770)
Persist
Exhaust application memory
Impact
Simulation becomes inaccessible, requires manual restart

Vulnerability AssessmentAI

Exploitation Exploitation requires the attacker to be positioned on the same local/adjacent network segment as the target (CVSS AV:A) so that multicast traffic reaches the instance, and a specific project configuration must already be active on the targeted SIMATIC S7-PLCSIM Advanced instance - the configuration that enables the vulnerable multicast-handling path - without which the attack does not succeed. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The vendor CVSS 3.1 vector (AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H, base 7.4) describes an unauthenticated, low-complexity, adjacent-network attack with high availability impact and a claimed scope change. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who has gained access to the local network segment hosting a SIMATIC S7-PLCSIM Advanced instance - for example a contractor laptop or compromised host on an OT/engineering LAN - sends a sustained flood of multicast frames toward the running simulation. Because the application allocates memory for this traffic without limit, memory is exhausted and the simulation becomes unresponsive, disrupting virtual commissioning or automated testing until an operator manually restarts it. …
Remediation No fixed version is specified in the available data; because all versions are listed as affected, treat this as no vendor-released patch version identified at time of analysis and consult Siemens advisory SSA-828211 (https://cert-portal.siemens.com/productcert/html/ssa-828211.html) for the authoritative fixed release and mitigation guidance. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours, identify and inventory all SIMATIC S7-PLCSIM Advanced installations and document their network connectivity; within 7 days, implement network segmentation to isolate development systems hosting affected instances and apply ingress traffic rate limiting and multicast filtering on those network segments; within 30 days, subscribe to Siemens ProductCERT notifications for patch release tracking, establish version-specific patch deployment procedures, and document manual restart recovery protocols to minimize downtime from denial of service incidents.

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-54429 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy