Severity by source
CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Adjacent unauthenticated flood (AV:A/PR:N); impact confined to the crashing application which restarts with no data loss, so S:U and only A:H.
Primary rating from Vendor (siemens).
CVSS VectorVendor: siemens
CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4DescriptionCVE.org
A vulnerability has been identified in SIMATIC S7-PLCSIM Advanced (All versions). Affected devices do not properly handle high-volume multicast network traffic, which can exhaust available memory resources in the affected application. This could allow an unauthenticated attacker on the local network segment to cause a denial-of-service condition of the affected application. The affected application becomes inaccessible and requires a manual restart; no project data is lost. Successful exploitation requires a specific project configuration to be already active on the targeted instance.
AnalysisAI
Denial of service in Siemens SIMATIC S7-PLCSIM Advanced (all versions) allows an unauthenticated attacker on the same local network segment to exhaust the application's memory by flooding it with high-volume multicast traffic, rendering the PLC simulation instance inaccessible until manually restarted. Exploitation is limited to instances running a specific active project configuration, and no project data is lost. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires the attacker to be positioned on the same local/adjacent network segment as the target (CVSS AV:A) so that multicast traffic reaches the instance, and a specific project configuration must already be active on the targeted SIMATIC S7-PLCSIM Advanced instance - the configuration that enables the vulnerable multicast-handling path - without which the attack does not succeed. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The vendor CVSS 3.1 vector (AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H, base 7.4) describes an unauthenticated, low-complexity, adjacent-network attack with high availability impact and a claimed scope change. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who has gained access to the local network segment hosting a SIMATIC S7-PLCSIM Advanced instance - for example a contractor laptop or compromised host on an OT/engineering LAN - sends a sustained flood of multicast frames toward the running simulation. Because the application allocates memory for this traffic without limit, memory is exhausted and the simulation becomes unresponsive, disrupting virtual commissioning or automated testing until an operator manually restarts it. … |
| Remediation | No fixed version is specified in the available data; because all versions are listed as affected, treat this as no vendor-released patch version identified at time of analysis and consult Siemens advisory SSA-828211 (https://cert-portal.siemens.com/productcert/html/ssa-828211.html) for the authoritative fixed release and mitigation guidance. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours, identify and inventory all SIMATIC S7-PLCSIM Advanced installations and document their network connectivity; within 7 days, implement network segmentation to isolate development systems hosting affected instances and apply ingress traffic rate limiting and multicast filtering on those network segments; within 30 days, subscribe to Siemens ProductCERT notifications for patch release tracking, establish version-specific patch deployment procedures, and document manual restart recovery protocols to minimize downtime from denial of service incidents.
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Simatic S7 Plcsim Advanced
View allStored cross-site scripting (XSS) in Siemens SIMATIC S7-1500 and ET 200SP controller families allows authenticated attac
Stored cross-site scripting in Siemens SIMATIC S7-1500 controller family web interface allows authenticated high-privile
A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Co
Cross-site scripting (XSS) in Siemens SIMATIC S7-1500 PLC family firmware upload interface allows authenticated attacker
A vulnerability has been identified in SIMATIC Drive Controller family (All versions), SIMATIC ET 200SP Open Controller
The webserver of the affected devices contains a vulnerability that may lead to a denial of service condition. Rated hig
The login endpoint /FormLogin in affected web services does not apply proper origin checking. Rated medium severity (CVS
A vulnerability has been identified in SIMATIC CP 1626 (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (i
Same technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-43649
GHSA-xhg3-q2f6-w8cg