A vulnerability has been identified in SIMATIC S7-PLCSIM Advanced (All versions). Affected devices do not properly handle high-volume multicast network traffic, which can exhaust available memory resources in the affected application. This could allow an unauthenticated attacker on the local network segment to cause a denial-of-service condition of the affected application. The affected application becomes inaccessible and requires a manual restart; no project data is lost. Successful exploitation requires a specific project configuration to be already active on the targeted instance.
| Vendor | Product | Versions |
|---|---|---|
| siemens | simatic s7-plcsim advanced | 0 |
Downstream vendors/products affected by this vulnerability
| Vendor | Product | Source | Confidence |
|---|---|---|---|
| siemens | simatic s7 | cert_advisory | 90% |
Updated description with new details about the Project Configuration Handler and confirmed that no exploit is available.
Initial creation