Denial-of-Service Vulnerability in SIMATIC CN 4100 by Siemens
CVE-2026-22925

8.7HIGH

Key Information:

Vendor: Siemens
Status: Simatic Cn 4100
Vendor: CVE Published:; 12 May 2026

What is CVE-2026-22925?

A resource exhaustion vulnerability exists in the SIMATIC CN 4100 application that is present in all versions prior to V5.0. When exposed to a high volume of TCP SYN packets, the application can be overwhelmed, leading to potential denial-of-service conditions. Attackers exploiting this vulnerability could significantly disrupt services by consuming critical system resources, rendering the application unavailable to legitimate users.

Affected Version(s)

SIMATIC CN 4100 0

References

https://cert-portal.siemens.com/productcert/html/ssa-0323...

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 12, 2026
Vulnerability Reserved
Jan 13, 2026

CVE-2026-22925 Data

JSON