Denial-of-Service Vulnerability in SIMATIC S7-PLCSIM Advanced by Siemens
CVE-2026-54429

6MEDIUM

Key Information:

Vendor

Siemens

Vendor
CVE Published:
14 July 2026

What is CVE-2026-54429?

A vulnerability has been discovered in the SIMATIC S7-PLCSIM Advanced application that fails to adequately manage high-volume multicast network traffic. This oversight can lead to memory resource exhaustion within the application, resulting in a denial-of-service condition. An attacker on the local network segment can exploit this vulnerability, causing the application to become inaccessible and necessitating a manual restart, although no project data is lost in the process. To successfully exploit this vulnerability, the attacker must have a specific project configuration active on the targeted instance.

Affected Version(s)

SIMATIC S7-PLCSIM Advanced 0

References

CVSS V4

Score:
6
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.