Simatic Cn 4100
Monthly
Siemens SIMATIC CN 4100 versions prior to V5.0 can be rendered unavailable through TCP SYN flood attacks, allowing remote unauthenticated attackers to exhaust system resources and cause complete service disruption. The CVSS 4.0 score of 8.7 reflects the high availability impact (VA:H) combined with network-accessible attack vector requiring no privileges or user interaction. No active exploitation (CISA KEV) or public exploit code has been identified at time of analysis, though SYN flood techniques are well-documented and trivial to execute.
Remote unauthenticated attackers can exhaust resources and bypass authentication controls in Siemens SIMATIC CN 4100 versions before V5.0, enabling denial of service conditions and unauthorized actions that compromise system availability and integrity. The vulnerability stems from improper connection validation (CWE-306), allowing network-based exploitation without any user interaction or privileges. Siemens has released V5.0 to address this flaw, documented in security advisory SSA-032379.
Siemens SIMATIC CN 4100 versions prior to V5.0 can be rendered unavailable through TCP SYN flood attacks, allowing remote unauthenticated attackers to exhaust system resources and cause complete service disruption. The CVSS 4.0 score of 8.7 reflects the high availability impact (VA:H) combined with network-accessible attack vector requiring no privileges or user interaction. No active exploitation (CISA KEV) or public exploit code has been identified at time of analysis, though SYN flood techniques are well-documented and trivial to execute.
Remote unauthenticated attackers can exhaust resources and bypass authentication controls in Siemens SIMATIC CN 4100 versions before V5.0, enabling denial of service conditions and unauthorized actions that compromise system availability and integrity. The vulnerability stems from improper connection validation (CWE-306), allowing network-based exploitation without any user interaction or privileges. Siemens has released V5.0 to address this flaw, documented in security advisory SSA-032379.