CISA 2026-05-14

Siemens Industrial Devices

CVE-2025-40833

Machine-generated analysis · WAYSCloud LLM

A single denial-of-service vulnerability (CVE-2025-40833 affects over 20 distinct Siemens industrial network devices. Patches are available for some products, while countermeasures are recommended for others awaiting fixes.

Context

The affected products are Siemens industrial network devices including IE/PB LINK, RUGGEDCOM, and various SCALANCE industrial routers and switches. The advisory states that the vulnerability could allow an attacker to cause a denial-of-service condition. The advisory lists specific part numbers and indicates that many devices require firmware version 8.3 or later to remediate.

Operator considerations

Check: Inventory for affected Siemens industrial devices by part number and firmware version.
Patch: Update to firmware version 8.3 or later where available according to Siemens recommendations.
Isolate: Restrict network access to affected devices where fixes are not yet available.

From Cybersecurity and Infrastructure Security Agency ↗

Multiple industrial devices contain a vulnerability that could allow an attacker to cause a denial of service condition. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.

The following versions of Siemens Industrial Devices are affected:

IE/PB LINK HA (6GK1411-5BB00) vers:all/* (CVE-2025-40833)

IE/PB link PN IO (6GK1411-5AB10) vers:all/* (CVE-2025-40833)

RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) vers:intdot/

Read the full advisory on CISA →