CVE-2015-5374
EXPLOITED
Siemens SIPROTEC 4 and SIPROTEC Compact EN100 Ethernet Module - Denial of Service
Title source: metasploit
Exploitation Summary
CVE-2015-5374 has been observed exploited in the wild (reported by VulnCheck KEV).
EIP tracks 3 public exploits from researchers including M. Can Kurnaz and can, among them a Metasploit module, auxiliary/dos/scada/siemens_siprotec4.
AI-analyzed exploit summary: This exploit sends a malformed UDP packet to port 50000 of Siemens SIPROTEC devices with EN100 Ethernet module versions prior to V4.25, causing a denial of service. The payload is a hex-encoded bytearray designed to trigger the vulnerability.
Description
A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module: All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module: All versions < V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module: All versions < V1.03; Firmware variant IEC 104 for EN100 Ethernet module: All versions < V1.21; EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80: All versions < 1.02.02. Specially crafted packets sent to port 50000/UDP could cause a denial-of-service of the affected device. A manual reboot may be required to recover the service of the device.
Exploits (3)
This exploit sends a malformed UDP packet to port 50000 of Siemens SIPROTEC devices with EN100 Ethernet module versions prior to V4.25, causing a denial of service. The payload is a hex-encoded bytearray designed to trigger the vulnerability.
This repository contains a functional proof-of-concept exploit for CVE-2015-5374, a denial-of-service vulnerability in Siemens SIPROTEC 4 and SIPROTEC Compact EN100 Ethernet Module versions prior to V4.25. The exploit sends a specially crafted UDP packet to port 50000, causing the device to crash and require a manual reboot.
This Metasploit module exploits a denial-of-service vulnerability in Siemens SIPROTEC 4 and SIPROTEC Compact devices by sending a malformed UDP packet to port 50000. The vulnerability (CVE-2015-5374) causes the device to crash, requiring a manual reboot.