CVE-2025-40944 - Vulnerability Details

A vulnerability has been identified in SIMATIC ET 200AL IM 157-1 PN (6ES7157-1AB00-0AB0) (All versions), SIMATIC ET 200MP IM 155-5 PN HF (6ES7155-5AA00-0AC0) (All versions >= V4.2.0), SIMATIC ET 200SP IM 155-6 MF HF (6ES7155-6MU00-0CN0) (All versions), SIMATIC ET 200SP IM 155-6 PN HA (incl. SIPLUS variants) (All versions < V1.3), SIMATIC ET 200SP IM 155-6 PN R1 (6ES7155-6AU00-0HM0) (All versions < V6.0.1), SIMATIC ET 200SP IM 155-6 PN/2 HF (6ES7155-6AU01-0CN0) (All versions >= V4.2.0), SIMATIC ET 200SP IM 155-6 PN/3 HF (6ES7155-6AU30-0CN0) (All versions < V4.2.2), SIMATIC PN/MF Coupler (6ES7158-3MU10-0XA0) (All versions), SIMATIC PN/PN Coupler (6ES7158-3AD10-0XA0) (All versions < V6.0.0), SIPLUS ET 200MP IM 155-5 PN HF (6AG1155-5AA00-2AC0) (All versions >= V4.2.0), SIPLUS ET 200MP IM 155-5 PN HF (6AG1155-5AA00-7AC0) (All versions >= V4.2.0), SIPLUS ET 200MP IM 155-5 PN HF T1 RAIL (6AG2155-5AA00-1AC0) (All versions >= V4.2.0), SIPLUS ET 200SP IM 155-6 PN HF (6AG1155-6AU01-2CN0) (All versions >= V4.2.0), SIPLUS ET 200SP IM 155-6 PN HF (6AG1155-6AU01-7CN0) (All versions >= V4.2.0), SIPLUS ET 200SP IM 155-6 PN HF T1 RAIL (6AG2155-6AU01-1CN0) (All versions >= V4.2.0), SIPLUS ET 200SP IM 155-6 PN HF TX RAIL (6AG2155-6AU01-4CN0) (All versions >= V4.2.0), SIPLUS NET PN/PN Coupler (6AG2158-3AD10-4XA0) (All versions < V6.0.0). Affected devices do not properly handle S7 protocol session disconnect requests. When receiving a valid S7 protocol Disconnect Request (COTP DR TPDU) on TCP port 102, the devices enter an improper session state. This could allow an attacker to cause the device to become unresponsive, leading to a denial-of-service condition that requires a power cycle to restore normal operation.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Siemens	Simatic Et 200al Im 157-1 Pn Simatic Et 200mp Im 155-5 Pn Hf Simatic Et 200sp Im 155-6 Mf Hf Simatic Et 200sp Im 155-6 Pn/2 Hf Simatic Et 200sp Im 155-6 Pn/3 Hf Simatic Et 200sp Im 155-6 Pn Ha Simatic Et 200sp Im 155-6 Pn R1 Simatic Pn/mf Coupler Simatic Pn/pn Coupler Siplus Et 200mp Im 155-5 Pn Hf Siplus Et 200mp Im 155-5 Pn Hf T1 Rail Siplus Et 200sp Im 155-6 Pn Hf Siplus Et 200sp Im 155-6 Pn Hf T1 Rail Siplus Et 200sp Im 155-6 Pn Hf Tx Rail Siplus Net Pn/pn Coupler

No data.

References

Link	Providers
https://cert-portal.siemens.com/productcert/html/ssa-674753.html

History

Wed, 14 Jan 2026 11:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Siemens Siemens simatic Et 200al Im 157-1 Pn Siemens simatic Et 200mp Im 155-5 Pn Hf Siemens simatic Et 200sp Im 155-6 Mf Hf Siemens simatic Et 200sp Im 155-6 Pn/2 Hf Siemens simatic Et 200sp Im 155-6 Pn/3 Hf Siemens simatic Et 200sp Im 155-6 Pn Ha Siemens simatic Et 200sp Im 155-6 Pn R1 Siemens simatic Pn/mf Coupler Siemens simatic Pn/pn Coupler Siemens siplus Et 200mp Im 155-5 Pn Hf Siemens siplus Et 200mp Im 155-5 Pn Hf T1 Rail Siemens siplus Et 200sp Im 155-6 Pn Hf Siemens siplus Et 200sp Im 155-6 Pn Hf T1 Rail Siemens siplus Et 200sp Im 155-6 Pn Hf Tx Rail Siemens siplus Net Pn/pn Coupler
Vendors & Products		Siemens Siemens simatic Et 200al Im 157-1 Pn Siemens simatic Et 200mp Im 155-5 Pn Hf Siemens simatic Et 200sp Im 155-6 Mf Hf Siemens simatic Et 200sp Im 155-6 Pn/2 Hf Siemens simatic Et 200sp Im 155-6 Pn/3 Hf Siemens simatic Et 200sp Im 155-6 Pn Ha Siemens simatic Et 200sp Im 155-6 Pn R1 Siemens simatic Pn/mf Coupler Siemens simatic Pn/pn Coupler Siemens siplus Et 200mp Im 155-5 Pn Hf Siemens siplus Et 200mp Im 155-5 Pn Hf T1 Rail Siemens siplus Et 200sp Im 155-6 Pn Hf Siemens siplus Et 200sp Im 155-6 Pn Hf T1 Rail Siemens siplus Et 200sp Im 155-6 Pn Hf Tx Rail Siemens siplus Net Pn/pn Coupler

Tue, 13 Jan 2026 18:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 13 Jan 2026 10:00:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability has been identified in SIMATIC ET 200AL IM 157-1 PN (6ES7157-1AB00-0AB0) (All versions), SIMATIC ET 200MP IM 155-5 PN HF (6ES7155-5AA00-0AC0) (All versions >= V4.2.0), SIMATIC ET 200SP IM 155-6 MF HF (6ES7155-6MU00-0CN0) (All versions), SIMATIC ET 200SP IM 155-6 PN HA (incl. SIPLUS variants) (All versions < V1.3), SIMATIC ET 200SP IM 155-6 PN R1 (6ES7155-6AU00-0HM0) (All versions < V6.0.1), SIMATIC ET 200SP IM 155-6 PN/2 HF (6ES7155-6AU01-0CN0) (All versions >= V4.2.0), SIMATIC ET 200SP IM 155-6 PN/3 HF (6ES7155-6AU30-0CN0) (All versions < V4.2.2), SIMATIC PN/MF Coupler (6ES7158-3MU10-0XA0) (All versions), SIMATIC PN/PN Coupler (6ES7158-3AD10-0XA0) (All versions < V6.0.0), SIPLUS ET 200MP IM 155-5 PN HF (6AG1155-5AA00-2AC0) (All versions >= V4.2.0), SIPLUS ET 200MP IM 155-5 PN HF (6AG1155-5AA00-7AC0) (All versions >= V4.2.0), SIPLUS ET 200MP IM 155-5 PN HF T1 RAIL (6AG2155-5AA00-1AC0) (All versions >= V4.2.0), SIPLUS ET 200SP IM 155-6 PN HF (6AG1155-6AU01-2CN0) (All versions >= V4.2.0), SIPLUS ET 200SP IM 155-6 PN HF (6AG1155-6AU01-7CN0) (All versions >= V4.2.0), SIPLUS ET 200SP IM 155-6 PN HF T1 RAIL (6AG2155-6AU01-1CN0) (All versions >= V4.2.0), SIPLUS ET 200SP IM 155-6 PN HF TX RAIL (6AG2155-6AU01-4CN0) (All versions >= V4.2.0), SIPLUS NET PN/PN Coupler (6AG2158-3AD10-4XA0) (All versions < V6.0.0). Affected devices do not properly handle S7 protocol session disconnect requests. When receiving a valid S7 protocol Disconnect Request (COTP DR TPDU) on TCP port 102, the devices enter an improper session state. This could allow an attacker to cause the device to become unresponsive, leading to a denial-of-service condition that requires a power cycle to restore normal operation.
Weaknesses		CWE-400
References		https://cert-portal.siemens.com/productcert/html/ssa-674753.html
Metrics		cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}` cvssV4_0 `{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: siemens

Published: 2026-01-13T09:44:05.792Z

Updated: 2026-01-13T17:21:36.848Z

Reserved: 2025-04-16T09:06:15.879Z

Link: CVE-2025-40944

Vulnrichment

Updated: 2026-01-13T17:21:33.216Z

NVD

Status : Awaiting Analysis

Published: 2026-01-13T10:15:58.457

Modified: 2026-01-13T14:03:18.990

Link: CVE-2025-40944

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable yes

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object