cbcvebase.
CVE-2025-40820
published 2025-12-09

CVE-2025-40820: Affected products do not properly enforce TCP sequence number validation in specific scenarios but accept values within a broad range. This could allow an…

high8.7CVSS 4.0
AVNACLATNPRNUINVCNVINVAHSCNSINSANEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
Affected products do not properly enforce TCP sequence number validation in specific scenarios but accept values within a broad range. This could allow an unauthenticated remote attacker e.g. to interfere with connection setup, potentially leading to a denial of service. The attack succeeds only if an attacker can inject IP packets with spoofed addresses at precisely timed moments, and it affects only TCP-based services.

Affected

132 ranges· showing 25
VendorProductVersion rangeFixed in
siemenssidoor_atd430w< **
siemenssidoor_ate530g_coated< **
siemenssidoor_ate530s_coated< **
siemenssimatic_cfu_diq< V2.0.0V2.0.0
siemenssimatic_cfu_pa< V2.0.0V2.0.0
siemenssimatic_et_200al_im_157-1_pn< **
siemenssimatic_et_200mp_im_155-5_pn_hf>= V4.2.0 < **
siemenssimatic_et_200pro_im_154-8_pn_dp_cpu< **
siemenssimatic_et_200pro_im_154-8f_pn_dp_cpu< **
siemenssimatic_et_200pro_im_154-8fx_pn_dp_cpu< **
siemenssimatic_et_200s_im_151-8_pn_dp_cpu< **
siemenssimatic_et_200s_im_151-8f_pn_dp_cpu< **
siemenssimatic_et_200sp_cpu_1510sp-1_pn< **
siemenssimatic_et_200sp_cpu_1510sp_f-1_pn< **
siemenssimatic_et_200sp_cpu_1512sp-1_pn< **
siemenssimatic_et_200sp_cpu_1512sp_f-1_pn< **
siemenssimatic_et_200sp_im_155-6_mf_hf< **
siemenssimatic_et_200sp_im_155-6_pn_2_hf>= V4.2.0 < **
siemenssimatic_et_200sp_im_155-6_pn_3_hf>= V4.2.0 < **
siemenssimatic_et_200sp_im_155-6_pn_ha< V1.3V1.3
siemenssimatic_et_200sp_im_155-6_pn_hf>= V4.2.0 < **
siemenssimatic_pn_mf_coupler< **
siemenssimatic_pn_pn_coupler< V6.0.0V6.0.0
siemenssimatic_s7-1200_cpu_1211c_ac_dc_rly< V4.4.0V4.4.0
siemenssimatic_s7-1200_cpu_1211c_dc_dc_dc< V4.4.0V4.4.0