CVE-2025-40944

Name of the Vulnerable Software and Affected Versions SIMATIC ET 200AL IM 157-1 PN versions (affected versions not specified) SIMATIC ET 200MP IM 155-5 PN HF versions >= V4.2.0 SIMATIC ET 200SP IM 155-6 MF HF versions (affected versions not specified) SIMATIC ET 200SP IM 155-6 PN HA versions < V1.3 SIMATIC ET 200SP IM 155-6 PN R1 versions < V6.0.1 SIMATIC ET 200SP IM 155-6 PN/2 HF versions >= V4.2.0 SIMATIC ET 200SP IM 155-6 PN/3 HF versions < V4.2.2 SIMATIC PN/MF Coupler versions (affected versions not specified) SIMATIC PN/PN Coupler versions < V6.0.0 SIPLUS ET 200MP IM 155-5 PN HF versions >= V4.2.0 SIPLUS ET 200MP IM 155-5 PN HF T1 RAIL versions >= V4.2.0 SIPLUS ET 200SP IM 155-6 PN HF versions >= V4.2.0 SIPLUS ET 200SP IM 155-6 PN HF T1 RAIL versions >= V4.2.0 SIPLUS ET 200SP IM 155-6 PN HF TX RAIL versions >= V4.2.0 SIPLUS NET PN/PN Coupler versions < V6.0.0

Description The devices do not correctly manage S7 protocol session disconnect requests. Receiving a valid S7 protocol Disconnect Request (COTP DR TPDU) on TCP port 102 can cause the devices to enter an incorrect session state. This can lead to a denial-of-service condition, requiring a power cycle to restore functionality.

Recommendations SIMATIC ET 200AL IM 157-1 PN: At the moment, there is no information about a newer version that contains a fix for this vulnerability. SIMATIC ET 200MP IM 155-5 PN HF versions >= V4.2.0: At the moment, there is no information about a newer version that contains a fix for this vulnerability. SIMATIC ET 200SP IM 155-6 MF HF: At the moment, there is no information about a newer version that contains a fix for this vulnerability. SIMATIC ET 200SP IM 155-6 PN HA versions < V1.3: At the moment, there is no information about a newer version that contains a fix for this vulnerability. SIMATIC ET 200SP IM 155-6 PN R1 versions < V6.0.1: At the moment, there is no information about a newer version that contains a fix for this vulnerability. SIMATIC ET 200SP IM 155-6 PN/2 HF versions >= V4.2.0: At the moment, there is no information about a newer version that contains a fix for this vulnerability. SIMATIC ET 200SP IM 155-6 PN/3 HF versions < V4.2.2: At the moment, there is no information about a newer version that contains a fix for this vulnerability. SIMATIC PN/MF Coupler: At the moment, there is no information about a newer version that contains a fix for this vulnerability. SIMATIC PN/PN Coupler versions < V6.0.0: At the moment, there is no information about a newer version that contains a fix for this vulnerability. SIPLUS ET 200MP IM 155-5 PN HF versions >= V4.2.0: At the moment, there is no information about a newer version that contains a fix for this vulnerability. SIPLUS ET 200MP IM 155-5 PN HF T1 RAIL versions >= V4.2.0: At the moment, there is no information about a newer version that contains a fix for this vulnerability. SIPLUS ET 200SP IM 155-6 PN HF versions >= V4.2.0: At the moment, there is no information about a newer version that contains a fix for this vulnerability. SIPLUS ET 200SP IM 155-6 PN HF T1 RAIL versions >= V4.2.0: At the moment, there is no information about a newer version that contains a fix for this vulnerability. SIPLUS ET 200SP IM 155-6 PN HF TX RAIL versions >= V4.2.0: At the moment, there is no information about a newer version that contains a fix for this vulnerability. SIPLUS NET PN/PN Coupler versions < V6.0.0: At the moment, there is no information about a newer version that contains a fix for this vulnerability.