THREATNOIR
Subscribe
Back to Feed
VulnerabilitiesMay 14, 2026

Siemens Industrial Devices

Siemens industrial devices contain null pointer dereference vulnerability enabling denial of service via crafted IPv4

Read at source

Summary

Siemens disclosed CVE-2025-40833, a null pointer dereference vulnerability affecting 200+ industrial networking and control devices including SCALANCE routers, SIMATIC CPUs, and SINAMICS drives. The flaw allows remote attackers to trigger denial of service by sending specially crafted IPv4 requests, requiring manual system restart for recovery. Patches are available for most products with version updates to 6.6.0, 8.3, or later depending on device family; some products have no fix planned pending further development.

Full text

ICS Advisory Siemens Industrial Devices Release DateMay 14, 2026 Alert CodeICSA-26-134-06 Related topics: Industrial Control System Vulnerabilities, Industrial Control Systems View CSAF Summary Multiple industrial devices contain a vulnerability that could allow an attacker to cause a denial of service condition. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends specific countermeasures for products where fixes are not, or not yet available. The following versions of Siemens Industrial Devices are affected: IE/PB LINK HA (6GK1411-5BB00) vers:all/* (CVE-2025-40833) IE/PB link PN IO (6GK1411-5AB10) vers:all/* (CVE-2025-40833) RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) vers:intdot/<8.3 (CVE-2025-40833) RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) vers:intdot/<8.3 (CVE-2025-40833) SCALANCE M804PB (6GK5804-0AP00-2AA2) vers:intdot/<8.3 (CVE-2025-40833) SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) vers:intdot/<8.3 (CVE-2025-40833) SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) vers:intdot/<8.3 (CVE-2025-40833) SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) vers:intdot/<8.3 (CVE-2025-40833) SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) vers:intdot/<8.3 (CVE-2025-40833) SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) vers:intdot/<8.3 (CVE-2025-40833) SCALANCE M874-2 (6GK5874-2AA00-2AA2) vers:intdot/<8.3 (CVE-2025-40833) SCALANCE M874-3 (6GK5874-3AA00-2AA2) vers:intdot/<8.3 (CVE-2025-40833) SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2) vers:intdot/<8.3 (CVE-2025-40833) SCALANCE M876-3 (6GK5876-3AA02-2BA2) vers:intdot/<8.3 (CVE-2025-40833) SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) vers:intdot/<8.3 (CVE-2025-40833) SCALANCE M876-4 (6GK5876-4AA10-2BA2) vers:intdot/<8.3 (CVE-2025-40833) SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) vers:intdot/<8.3 (CVE-2025-40833) SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) vers:intdot/<8.3 (CVE-2025-40833) SCALANCE MUB852-1 (A1) (6GK5852-1EA10-1AA1) vers:intdot/<8.3 (CVE-2025-40833) SCALANCE MUB852-1 (B1) (6GK5852-1EA10-1BA1) vers:intdot/<8.3 (CVE-2025-40833) SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1) vers:intdot/<8.3 (CVE-2025-40833) SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1) vers:intdot/<8.3 (CVE-2025-40833) SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) vers:intdot/<8.3 (CVE-2025-40833) SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1) vers:intdot/<8.3 (CVE-2025-40833) SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1) vers:intdot/<8.3 (CVE-2025-40833) SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1) vers:intdot/<8.3 (CVE-2025-40833) SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) vers:intdot/<8.3 (CVE-2025-40833) SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) vers:intdot/<8.3 (CVE-2025-40833) SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) vers:intdot/<8.3 (CVE-2025-40833) SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) vers:intdot/<8.3 (CVE-2025-40833) SCALANCE SC622-2C (6GK5622-2GS00-2AC2) vers:all/* (CVE-2025-40833) SCALANCE SC626-2C (6GK5626-2GS00-2AC2) vers:all/* (CVE-2025-40833) SCALANCE SC632-2C (6GK5632-2GS00-2AC2) vers:all/* (CVE-2025-40833) SCALANCE SC636-2C (6GK5636-2GS00-2AC2) vers:all/* (CVE-2025-40833) SCALANCE SC642-2C (6GK5642-2GS00-2AC2) vers:all/* (CVE-2025-40833) SCALANCE SC646-2C (6GK5646-2GS00-2AC2) vers:all/* (CVE-2025-40833) SCALANCE W1748-1 M12 (6GK5748-1GY01-0AA0) vers:all/* (CVE-2025-40833) SCALANCE W1748-1 M12 (6GK5748-1GY01-0TA0) vers:all/* (CVE-2025-40833) SCALANCE W1788-1 M12 (6GK5788-1GY01-0AA0) vers:all/* (CVE-2025-40833) SCALANCE W1788-2 EEC M12 (6GK5788-2GY01-0TA0) vers:all/* (CVE-2025-40833) SCALANCE W1788-2 M12 (6GK5788-2GY01-0AA0) vers:all/* (CVE-2025-40833) SCALANCE W1788-2IA M12 (6GK5788-2HY01-0AA0) vers:all/* (CVE-2025-40833) SCALANCE W721-1 RJ45 (6GK5721-1FC00-0AA0) vers:intdot/<6.6.0 (CVE-2025-40833) SCALANCE W721-1 RJ45 (6GK5721-1FC00-0AB0) vers:intdot/<6.6.0 (CVE-2025-40833) SCALANCE W722-1 RJ45 (6GK5722-1FC00-0AA0) vers:intdot/<6.6.0 (CVE-2025-40833) SCALANCE W722-1 RJ45 (6GK5722-1FC00-0AB0) vers:intdot/<6.6.0 (CVE-2025-40833) SCALANCE W722-1 RJ45 (6GK5722-1FC00-0AC0) vers:intdot/<6.6.0 (CVE-2025-40833) SCALANCE W734-1 RJ45 (6GK5734-1FX00-0AA0) vers:intdot/<6.6.0 (CVE-2025-40833) SCALANCE W734-1 RJ45 (6GK5734-1FX00-0AA6) vers:intdot/<6.6.0 (CVE-2025-40833) SCALANCE W734-1 RJ45 (6GK5734-1FX00-0AB0) vers:intdot/<6.6.0 (CVE-2025-40833) SCALANCE W734-1 RJ45 (USA) (6GK5734-1FX00-0AB6) vers:intdot/<6.6.0 (CVE-2025-40833) SCALANCE W738-1 M12 (6GK5738-1GY00-0AA0) vers:intdot/<6.6.0 (CVE-2025-40833) SCALANCE W738-1 M12 (6GK5738-1GY00-0AB0) vers:intdot/<6.6.0 (CVE-2025-40833) SCALANCE W748-1 M12 (6GK5748-1GD00-0AA0) vers:intdot/<6.6.0 (CVE-2025-40833) SCALANCE W748-1 M12 (6GK5748-1GD00-0AB0) vers:intdot/<6.6.0 (CVE-2025-40833) SCALANCE W748-1 RJ45 (6GK5748-1FC00-0AA0) vers:intdot/<6.6.0 (CVE-2025-40833) SCALANCE W748-1 RJ45 (6GK5748-1FC00-0AB0) vers:intdot/<6.6.0 (CVE-2025-40833) SCALANCE W761-1 RJ45 (6GK5761-1FC00-0AA0) vers:intdot/<6.6.0 (CVE-2025-40833) SCALANCE W761-1 RJ45 (6GK5761-1FC00-0AB0) vers:intdot/<6.6.0 (CVE-2025-40833) SCALANCE W774-1 M12 EEC (6GK5774-1FY00-0TA0) vers:intdot/<6.6.0 (CVE-2025-40833) SCALANCE W774-1 M12 EEC (6GK5774-1FY00-0TB0) vers:intdot/<6.6.0 (CVE-2025-40833) SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AA0) vers:intdot/<6.6.0 (CVE-2025-40833) SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AA6) vers:intdot/<6.6.0 (CVE-2025-40833) SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AB0) vers:intdot/<6.6.0 (CVE-2025-40833) SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AC0) vers:intdot/<6.6.0 (CVE-2025-40833) SCALANCE W774-1 RJ45 (USA) (6GK5774-1FX00-0AB6) vers:intdot/<6.6.0 (CVE-2025-40833) SCALANCE W778-1 M12 (6GK5778-1GY00-0AA0) vers:intdot/<6.6.0 (CVE-2025-40833) SCALANCE W778-1 M12 (6GK5778-1GY00-0AB0) vers:intdot/<6.6.0 (CVE-2025-40833) SCALANCE W778-1 M12 EEC (6GK5778-1GY00-0TA0) vers:intdot/<6.6.0 (CVE-2025-40833) SCALANCE W778-1 M12 EEC (USA) (6GK5778-1GY00-0TB0) vers:intdot/<6.6.0 (CVE-2025-40833) SCALANCE W786-1 RJ45 (6GK5786-1FC00-0AA0) vers:intdot/<6.6.0 (CVE-2025-40833) SCALANCE W786-1 RJ45 (6GK5786-1FC00-0AB0) vers:intdot/<6.6.0 (CVE-2025-40833) SCALANCE W786-2 RJ45 (6GK5786-2FC00-0AA0) vers:intdot/<6.6.0 (CVE-2025-40833) SCALANCE W786-2 RJ45 (6GK5786-2FC00-0AB0) vers:intdot/<6.6.0 (CVE-2025-40833) SCALANCE W786-2 RJ45 (6GK5786-2FC00-0AC0) vers:intdot/<6.6.0 (CVE-2025-40833) SCALANCE W786-2 SFP (6GK5786-2FE00-0AA0) vers:intdot/<6.6.0 (CVE-2025-40833) SCALANCE W786-2 SFP (6GK5786-2FE00-0AB0) vers:intdot/<6.6.0 (CVE-2025-40833) SCALANCE W786-2IA RJ45 (6GK5786-2HC00-0AA0) vers:intdot/<6.6.0 (CVE-2025-40833) SCALANCE W786-2IA RJ45 (6GK5786-2HC00-0AB0) vers:intdot/<6.6.0 (CVE-2025-40833) SCALANCE W788-1 M12 (6GK5788-1GD00-0AA0) vers:intdot/<6.6.0 (CVE-2025-40833) SCALANCE W788-1 M12 (6GK5788-1GD00-0AB0) vers:intdot/<6.6.0 (CVE-2025-40833) SCALANCE W788-1 RJ45 (6GK5788-1FC00-0AA0) vers:intdot/<6.6.0 (CVE-2025-40833) SCALANCE W788-1 RJ45 (6GK5788-1FC00-0AB0) vers:intdot/<6.6.0 (CVE-2025-40833) SCALANCE W788-2 M12 (6GK5788-2GD00-0AA0) vers:intdot/<6.6.0 (CVE-2025-40833) SCALANCE W788-2 M12 (6GK5788-2GD00-0AB0) vers:intdot/<6.6.0 (CVE-2025-40833) SCALANCE W788-2 M12 EEC (6GK5788-2GD00-0TA0) vers:intdot/<6.6.0 (CVE-2025-40833) SCALANCE W788-2 M12 EEC (6GK5788-2GD00-0TB0) vers:intdot/<6.6.0 (CVE-2025-40833) SCALANCE W788-2 M12 EEC (6GK5788-2GD00-0TC0) vers:intdot/<6.6.0 (CVE-2025-40833) SCALANCE W788-2 RJ45 (6GK5788-2FC00-0AA0) vers:intdot/<6.6.0 (CVE-2025-40833) SCALANCE W788-2 RJ45 (6GK5788-2FC00-0AB0) vers:intdot/<6.6.0 (CVE-2025-40833) SCALANCE W788-2 RJ45 (6GK5788-2FC00-0AC0) vers:intdot/<6.6.0 (CVE-2025-40833) SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0) vers:intdot/<3.2.0 (CVE-2025-40833) SCALANCE WAM763-1 (6GK5763-1AL00-7DA0) vers:intdot/<3.2.0 (CVE-2025-40833) SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0) vers:intdot/<3.2.0 (CVE-2025-40833) SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0) vers:intdot/<3.2.0 (CVE-2025-40833) SCALANCE WAM766-1 (6GK5766-1GE00-7DA0) vers:intdot/<3.2.0

Indicators of Compromise

  • cve — CVE-2025-40833

Entities

Siemens (vendor)SCALANCE industrial routers and switches (product)SIMATIC S7 and ET 200 CPU series (product)SINAMICS variable frequency drives (product)PROFINET industrial networking protocol (technology)