A vulnerability has been identified in SIMATIC S7-1200 CPU V1 family (incl. SIPLUS variants) (All versions < V2.0.3), SIMATIC S7-1200 CPU V2 family (incl. SIPLUS variants) (All versions < V2.0.3). The web server interface of affected devices improperly processes incoming malformed HTTP traffic at high rate. This could allow an unauthenticated remote attacker to force the device entering the stop/defect state, thus creating a denial of service condition.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00112.

Exploitation none

Automatable no

Technical Impact partial

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions
Siemens SIMATIC S7-1200 CPU V1 family (incl. SIPLUS variants) unknown
Version Status Constraints
0 affected
< V2.0.3
Siemens SIMATIC S7-1200 CPU V2 family (incl. SIPLUS variants) unknown
Version Status Constraints
0 affected
< V2.0.3

No data.

No data.

Vendor Product Confidence Versions
Siemens Simatic
Siemens Simatic S7-1200
Siemens Simatic S7-1200 Cpu

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Subscriptions

Vendors Products
Siemens Subscribe
Simatic Subscribe
Simatic S7-1200 Subscribe
Simatic S7-1200 Cpu Subscribe

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
https://cert-portal.siemens.com/productcert/html/ssa-625789.html cve-icon cve-icon
History

Tue, 21 Oct 2025 09:45:00 +0000

Type Values Removed Values Added
First Time appeared Siemens
Siemens simatic
Siemens simatic S7-1200
Siemens simatic S7-1200 Cpu
Vendors & Products Siemens
Siemens simatic
Siemens simatic S7-1200
Siemens simatic S7-1200 Cpu

Tue, 14 Oct 2025 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 14 Oct 2025 09:30:00 +0000

Type Values Removed Values Added
Description A vulnerability has been identified in SIMATIC S7-1200 CPU V1 family (incl. SIPLUS variants) (All versions < V2.0.3), SIMATIC S7-1200 CPU V2 family (incl. SIPLUS variants) (All versions < V2.0.3). The web server interface of affected devices improperly processes incoming malformed HTTP traffic at high rate. This could allow an unauthenticated remote attacker to force the device entering the stop/defect state, thus creating a denial of service condition.
Weaknesses CWE-20
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}
cve-icon MITRE

Status: PUBLISHED

Assigner: siemens

Published:

Updated: 2025-10-14T18:57:37.446Z

Reserved: 2025-05-22T04:58:58.075Z

Link: CVE-2011-20001

cve-icon Vulnrichment

Updated: 2025-10-14T18:57:33.007Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-10-14T10:15:32.457

Modified: 2025-10-14T19:36:29.240

Link: CVE-2011-20001

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2025-10-21T09:42:55Z

Weaknesses