CVE-2026-22924

CRITICAL

SIMATIC CN 4100 < V5.0 - Unauthenticated Resource Exhaustion

Title source: llm

Description

A vulnerability has been identified in SIMATIC CN 4100 (All versions < V5.0). The affected application does not properly restrict unauthenticated connections and is susceptible to resource exhaustion conditions. This could allow an attacker to disrupt normal operations or perform unauthorized actions, potentially impacting system availability and integrity.

References (1)

Core 1

Core References

https://cert-portal.siemens.com/productcert/html/ssa-032379.html

Scores

CVSS v3 9.1

EPSS 0.0005

EPSS Percentile 16.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-306

Status published

Products (1)

Siemens/SIMATIC CN 4100 < V5.0

Published May 12, 2026

Tracked Since May 12, 2026