What are the most critical vulnerabilities in the Siemens S7-1500 advisory?

The most critical vulnerabilities include CVE-2023-28531 (CVSS 9.8) for Missing Encryption of Sensitive Data and CVE-2024-45490 (CVSS 9.8) for Incorrect Calculation of Buffer Size. Several other vulnerabilities have CVSS scores of 8.8, including CVE-2023-38545 (Heap-based Buffer Overflow), CVE-2024-2961 (Out-of-bounds Write), and CVE-2024-28085 (Improper Input Validation).

Which specific Siemens S7-1500 models are affected?

The affected models include SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0 and 6ES7518-4AX00-1AC0), SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0 and 6ES7518-4FX00-1AC0), and SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0).

What causes these vulnerabilities in Siemens S7-1500 devices?

The vulnerabilities are inherited from third-party components including glibc, OpenSSH, OpenSSL, and curl libraries that are embedded within the Siemens firmware. This demonstrates how supply chain security issues can affect industrial control systems.

Why are these vulnerabilities particularly concerning?

These vulnerabilities are particularly concerning because they affect programmable logic controllers used in critical infrastructure including power grids and factory assembly lines. With over 60 vulnerabilities and multiple critical-severity flaws, successful exploitation could disrupt essential industrial operations globally.

How many vulnerabilities were disclosed in this advisory?

CISA reported over 60 vulnerabilities affecting the Siemens SIMATIC S7-1500 CPU family, with CVSS scores ranging from 3.7 to 9.8. This represents one of the largest single advisories for industrial control system vulnerabilities.

What should organizations do immediately about these vulnerabilities?

Organizations should immediately implement network isolation for affected devices, ensure they are not accessible from the internet, review and strengthen network segmentation, monitor for unusual activity, and follow Siemens' operational guidelines while waiting for security patches to become available.

Advisory

Siemens SIMATIC S7-1500 CPU Family has 63 Vulnerabilities, no current fix available

Q: What did CISA report about Siemens SIMATIC S7-1500 devices?

CISA published a major security advisory reporting over 60 vulnerabilities affecting Siemens SIMATIC S7-1500 CPU family devices. The vulnerabilities span a wide range of security weaknesses inherited from third-party components including glibc, OpenSSH, OpenSSL, and curl libraries embedded within the Siemens firmware.

Q: Which firmware versions are affected by these vulnerabilities?

All Siemens SIMATIC S7-1500 CPU models running firmware version 3.1.5 and prior are affected by these vulnerabilities.

Q: What does Siemens recommend to mitigate these vulnerabilities?

Siemens recommends implementing network access isolation to devices and configuring environments according to Siemens' operational guidelines to reduce exposure while waiting for security patches.

published: June 17, 2025

Take action: This is a huge advisory. If you have Siemens SIMATIC S7-1500 CPU devices in your industrial environment, make sure they are isolated from the internet and external networks. There are no patches available yet. Focus on network segmentation and access controls, and reach out to Siemens for security updates. Then plan a patch cycle.

Learn More

CISA has published a huge security advisory reporting over 60 vulnerabilities affecting Siemens SIMATIC S7-1500 CPU family devices. The vulnerabilities span a wide range of security weaknesses inherited from third-party components including glibc, OpenSSH, OpenSSL, and curl libraries embedded within the Siemens firmware.

These programmable logic controllers (PLCs) are used in automated processes in power grids, factory assembly lines, and other essential industrial operations globally.

Vulnerabilities summary

CVE-2023-28531 (CVSS score 9.8) - Missing Encryption of Sensitive Data
CVE-2024-45490 (CVSS score 9.8) - Incorrect Calculation of Buffer Size
CVE-2023-38545 (CVSS score 8.8) - Heap-based Buffer Overflow
CVE-2024-2961 (CVSS score 8.8) - Out-of-bounds Write
CVE-2024-28085 (CVSS score 8.8) - Improper Input Validation
CVE-2024-6387 (CVSS score 8.1) - Signal Handler Race Condition
CVE-2023-4911 (CVSS score 7.8) - Stack-based Buffer Overflow
CVE-2023-6246 (CVSS score 7.8) - Out-of-bounds Write
CVE-2024-50246 (CVSS score 7.8) - Improper Input Validation
CVE-2024-53166 (CVSS score 7.8) - Use After Free
CVE-2024-33599 (CVSS score 7.6) - Stack-based Buffer Overflow
CVE-2024-6119 (CVSS score 7.5) - Type Confusion
CVE-2023-5363 (CVSS score 7.5) - Incorrect Provision of Specified Functionality
CVE-2023-44487 (CVSS score 7.5) - Uncontrolled Resource Consumption
CVE-2023-6779 (CVSS score 7.5) - Out-of-bounds Write
CVE-2025-31115 (CVSS score 7.5) - Premature Release of Resource During Expected Lifetime
CVE-2024-37370 (CVSS score 7.4) - Improper Handling of Length Parameter Inconsistency
CVE-2024-45491 (CVSS score 7.3) - Integer Overflow or Wraparound
CVE-2024-45492 (CVSS score 7.3) - Integer Overflow or Wraparound
CVE-2021-41617 (CVSS score 7.0) - Missing Encryption of Sensitive Data
CVE-2025-26465 (CVSS score 6.8) - Detection of Error Condition Without Action
CVE-2025-46836 (CVSS score 6.6) - Improper Input Validation
CVE-2023-4527 (CVSS score 6.5) - Out-of-bounds Read
CVE-2023-46218 (CVSS score 6.5) - Improper Input Validation
CVE-2023-51385 (CVSS score 6.5) - OS Command Injection
CVE-2024-37371 (CVSS score 6.5) - Improper Handling of Length Parameter Inconsistency
CVE-2023-4806 (CVSS score 5.9) - Use After Free
CVE-2023-48795 (CVSS score 5.9) - Truncation of Security-relevant Information
CVE-2023-51384 (CVSS score 5.5) - Missing Critical Step in Authentication
CVE-2024-26596 (CVSS score 5.5) - Improper Input Validation
CVE-2024-57977 (CVSS score 5.5) - Improper Locking
CVE-2024-57996 (CVSS score 5.5) - Improper Validation of Array Index
CVE-2024-58005 (CVSS score 5.5) - Improper Input Validation
CVE-2023-6780 (CVSS score 5.3) - Incorrect Calculation of Buffer Size
CVE-2024-12133 (CVSS score 5.3) - Inefficient Algorithmic Complexity
CVE-2024-12243 (CVSS score 5.3) - Inefficient Algorithmic Complexity
CVE-2023-46219 (CVSS score 5.3) - Missing Encryption of Sensitive Data
CVE-2024-33600 (CVSS score 5.3) - NULL Pointer Dereference
CVE-2024-34397 (CVSS score 5.2) - Improper Input Validation
CVE-2024-24855 (CVSS score 5.0) - Race Condition
CVE-2025-4373 (CVSS score 4.8) - Buffer Underwrite
CVE-2025-21701 through CVE-2025-21867 (CVSS scores 4.7-7.0) - Multiple Linux kernel vulnerabilities
CVE-2025-4598 (CVSS score 4.7) - Signal Handler Race Condition
CVE-2023-52927 (CVSS score 4.7) - Improper Input Validation
CVE-2024-33601 (CVSS score 4.0) - Reachable Assertion
CVE-2024-33602 (CVSS score 4.0) - Return of Pointer Value Outside Expected Range
CVE-2023-38546 (CVSS score 3.7) - External Control of File Name or Path

The following Siemens SIMATIC S7-1500 CPU models running firmware version 3.1.5 and prior are affected:

SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)

Siemens has acknowledged the vulnerabilities and is currently preparing fixed versions but reports that no fix is available at this time. The company recommends implementing network access isolation to devices, and configuring environments according to Siemens' operational guidelines.

CISA strongly recommends organizations minimize network exposure for all control system devices, ensuring they are not accessible from the internet.

Siemens SIMATIC S7-1500 CPU Family has 63 Vulnerabilities, no current fix available

Read More
Siemens Patches Critical Code Injection Flaw in SIMATIC …
Critical flaws reported in DrayTek routers, over 700,000 …
Siemens COMOS Affected by Multiple Flaws, at Least …
Telit Cinterion modems vulnerable to Remote Code Execution …
Critical Vulnerabilities Discovered in InSAT MasterSCADA BUK-TS