Denial of Service Vulnerability in SCALANCE Products by Siemens
CVE-2024-23814

6.9MEDIUM

Key Information:

Vendor: Siemens
Status: Sidoor Atd430w; Sidoor Ate530g Coated; Sidoor Ate530s Coated; Simatic Cfu Diq
Vendor: CVE Published:; 11 February 2025

What is CVE-2024-23814?

A denial of service vulnerability exists in the SCALANCE series of network devices from Siemens. When affected devices receive specially crafted packets targeting ICMP fragment re-assembly, they can exhaust their memory resources. This condition may be exploited by an unauthenticated remote attacker, leading to a temporary denial of service of the ICMP service. However, other communication services remain unaffected. Once the attack subsides, the devices will return to normal operation.

Affected Version(s)

SIDOOR ATD430W 0

SIDOOR ATE530G COATED 0

SIDOOR ATE530S COATED 0

References

https://cert-portal.siemens.com/productcert/html/ssa-7690...

https://cert-portal.siemens.com/productcert/html/ssa-7255...

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 11, 2025
Vulnerability Reserved
Jan 22, 2024