Siemens SIMATIC S7-1200 Web Server Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in Siemens SIMATIC S7-1200 CPU V1 and V2 families, including SIPLUS variants, all versions prior to V2.0.3. The issue arises because the web server interface improperly handles incoming malformed HTTP traffic at a high rate. This flaw could enable an unauthenticated remote attacker to force the device into a stop or defect state, creating a denial-of-service condition.

Impact

Exploitation of this vulnerability causes the device to enter a stop or defect state, disrupting normal operations and communication.

Remediation

Siemens recommends updating to the latest version. If an update is not possible, disable the web server where feasible.

Added: Oct 14, 2025, 11:25 AM
Updated: Oct 14, 2025, 11:25 AM

Vulnerability Rating

Custom Algorithm

spread: 6.8
impact: 2.5
exploitability: 7.0
remediation: 8.3
relevance: 0.7
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.