Description
A vulnerability has been identified in SIMATIC CN 4100 (All versions < V5.0). The affected application does not properly restrict unauthenticated connections and is susceptible to resource exhaustion conditions.
This could allow an attacker to disrupt normal operations or perform unauthorized actions, potentially impacting system availability and integrity.
Published: 2026-05-12
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Based on the description, it is inferred that the vulnerability in Siemens SIMATIC CN 4100 occurs because the system fails to enforce authentication for clients that attempt to connect. As a result, unauthenticated users can send requests that consume significant system resources, leading to a denial of service condition and possibly allowing unauthorized commands to be executed. This weakness maps to CWE-306, Improper Restriction of Resources, and carries the risk of impacting both system availability and integrity.

Affected Systems

The affected product is Siemens SIMATIC CN 4100, all build versions prior to V5.0. This includes the entire range of versions that do not implement authentication, thereby exposing the device to potential resource exhaustion attacks.

Risk and Exploitability

With a CVSS score of 8.8, the vulnerability is considered high severity. The EPSS score is not available, but the lack of public exploit code and the fact that the device does not require any privileged access suggest that exploitation is likely remote through unauthenticated network traffic. Based on the description, it is inferred that the vulnerability is not listed in the CISA KEV catalog, indicating no confirmed large-scale attacks have been reported. Nevertheless, an attacker who discovers the device on the network can intentionally consume resources and disrupt operations, and may leverage the same unauthenticated access for further unauthorized actions if the system lacks strict access controls.

Generated by OpenCVE AI on May 12, 2026 at 10:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Block or limit network access to the SIMATIC CN 4100 by configuring firewall rules or ACLs to allow only trusted IP addresses or VPN connections.
  • Apply any available Siemens firmware or software updates that address authentication checks on the device.
  • Enable monitoring of CPU and memory usage on the SIMATIC CN 4100, and set alerts for sudden spikes that could indicate a resource exhaustion attack.

Advisories

No advisories yet.

History

Tue, 12 May 2026 11:15:00 +0000

Type | Values Removed | Values Added
Title | | Unauthenticated Resource Exhaustion in Siemens SIMATIC CN 4100

Tue, 12 May 2026 11:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Siemens; Siemens simatic Cn 4100
Vendors & Products | | Siemens; Siemens simatic Cn 4100

Tue, 12 May 2026 09:30:00 +0000

Type | Values Removed | Values Added
Description | | A vulnerability has been identified in SIMATIC CN 4100 (All versions < V5.0). The affected application does not properly restrict unauthenticated connections and is susceptible to resource exhaustion conditions. This could allow an attacker to disrupt normal operations or perform unauthorized actions, potentially impacting system availability and integrity.
Weaknesses | | CWE-306
References | |
Metrics | | cvssV3_1: {'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H'}
 | | cvssV4_0: {'score': 8.8, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: siemens

Published:

Updated: 2026-05-12T08:20:55.135Z

Reserved: 2026-01-13T15:21:45.768Z

Link: CVE-2026-22924

Vulnrichment

No data.

NVD

Status: Awaiting Analysis

Published: 2026-05-12T10:16:43.917

Modified: 2026-05-12T14:19:41.400

Link: CVE-2026-22924

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-12T11:00:07Z
