Sinamics G120D
Monthly
Denial of service in Siemens industrial networking equipment allows remote unauthenticated attackers to crash affected devices via specially crafted IPv4 packets, requiring manual restart for recovery. This vulnerability affects over 200 Siemens industrial automation products including SCALANCE switches/routers, SIMATIC PLCs, SINAMICS drives, and RUGGEDCOM devices. CVSS 4.0 score of 8.7 reflects high availability impact (VA:H) with network-accessible attack vector requiring low complexity and no privileges (AV:N/AC:L/PR:N). No public exploit code or CISA KEV listing identified at time of analysis, though the straightforward network-based attack and widespread product exposure warrant priority patching for operational technology environments where uptime is critical.
Siemens SINAMICS S/G controllers with firmware before 4.6.11 do not require authentication for FTP and TELNET sessions, which allows remote attackers to bypass intended access restrictions via TCP. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Denial of service in Siemens industrial networking equipment allows remote unauthenticated attackers to crash affected devices via specially crafted IPv4 packets, requiring manual restart for recovery. This vulnerability affects over 200 Siemens industrial automation products including SCALANCE switches/routers, SIMATIC PLCs, SINAMICS drives, and RUGGEDCOM devices. CVSS 4.0 score of 8.7 reflects high availability impact (VA:H) with network-accessible attack vector requiring low complexity and no privileges (AV:N/AC:L/PR:N). No public exploit code or CISA KEV listing identified at time of analysis, though the straightforward network-based attack and widespread product exposure warrant priority patching for operational technology environments where uptime is critical.
Siemens SINAMICS S/G controllers with firmware before 4.6.11 do not require authentication for FTP and TELNET sessions, which allows remote attackers to bypass intended access restrictions via TCP. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.