Siemens Simatic Et 200Sp Im 155-6 Mf Hf vulnerabilities
5 known vulnerabilities affecting siemens/simatic_et_200sp_im_155-6_mf_hf.
Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH4MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2025-40944HIGHCVSS 8.7fixed in *2026-01-13
CVE-2025-40944 [HIGH] CWE-400 CVE-2025-40944: A vulnerability has been identified in SIMATIC ET 200AL IM 157-1 PN (6ES7157-1AB00-0AB0) (All versio
A vulnerability has been identified in SIMATIC ET 200AL IM 157-1 PN (6ES7157-1AB00-0AB0) (All versions), SIMATIC ET 200MP IM 155-5 PN HF (6ES7155-5AA00-0AC0) (All versions >= V4.2.0), SIMATIC ET 200SP IM 155-6 MF HF (6ES7155-6MU00-0CN0) (All versions), SIMATIC ET 200SP IM 155-6 PN HA (incl. SIPLUS variants) (All versions = V4.2.0), SIMATIC ET 200SP IM
cvelistv5nvd
CVE-2025-40820HIGHCVSS 8.7fixed in *2025-12-09
CVE-2025-40820 [HIGH] CWE-940 CVE-2025-40820: Affected products do not properly enforce TCP sequence number validation in specific scenarios but a
Affected products do not properly enforce TCP sequence number validation in specific scenarios but accept values within a broad range. This could allow an unauthenticated remote attacker e.g. to interfere with connection setup, potentially leading to a denial of service. The attack succeeds only if an attacker can inject IP packets with spoofed addres
cvelistv5nvd
CVE-2024-23814MEDIUMCVSS 6.9fixed in *2025-02-11
CVE-2024-23814 [MEDIUM] CWE-400 CVE-2024-23814: The integrated ICMP service of the network stack of affected devices can be forced to exhaust its a
The integrated ICMP service of the network stack of affected devices can be forced to exhaust its available memory resources when receiving specially crafted messages targeting IP fragment re-assembly. This could allow an unauthenticated remote attacker to cause a temporary denial of service condition of the ICMP service, other communication service
cvelistv5nvd
CVE-2022-25622HIGHCVSS 7.5fixed in *2022-04-12
CVE-2022-25622 [HIGH] CWE-400 CVE-2022-25622: The PROFINET (PNIO) stack, when integrated with the Interniche IP stack, improperly handles internal
The PROFINET (PNIO) stack, when integrated with the Interniche IP stack, improperly handles internal resources for TCP segments where the minimum TCP-Header length is less than defined.
This could allow an attacker to create a denial of service condition for TCP services on affected devices by sending specially crafted TCP segments.
cvelistv5nvd
CVE-2019-19300HIGHCVSS 7.5fixed in *2020-04-14
CVE-2019-19300 [HIGH] CWE-400 CVE-2019-19300: A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200, De
A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P, KTK ATE530S, SIDOOR ATD430W, SIDOOR ATE530S COATED, SIDOOR ATE531S, SIMATIC ET 200AL IM 157-1 PN (6ES7157-1AB00-0AB0), SIMATIC ET 200eco PN, AI 8xRTD/TC, M12-L (6ES7144-6JF00-0BB0), SIMATIC ET 20
cvelistv5nvd