CVE-2025-24008
📋 TL;DR
This vulnerability allows attackers to eavesdrop on unencrypted network communications of Siemens SIRIUS safety systems. Attackers with network access can intercept sensitive information including obfuscated safety passwords. All versions of SIRIUS 3RK3 Modular Safety System and SIRIUS Safety Relays 3SK2 are affected.
💻 Affected Systems
- SIRIUS 3RK3 Modular Safety System (MSS)
- SIRIUS Safety Relays 3SK2
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could intercept safety passwords, potentially gaining unauthorized control over safety-critical industrial systems, leading to equipment damage, production disruption, or safety incidents.
Likely Case
Attackers monitoring network traffic could capture sensitive configuration data and safety credentials, enabling reconnaissance for further attacks or unauthorized access to safety systems.
If Mitigated
With proper network segmentation and monitoring, impact is limited to information disclosure without direct system compromise.
🎯 Exploit Status
Exploitation requires network access to monitor traffic but no authentication or special tools beyond network sniffing capabilities.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Not available
Vendor Advisory: https://cert-portal.siemens.com/productcert/html/ssa-222768.html
Restart Required: No
Instructions:
No firmware patch available. Follow Siemens security recommendations including network segmentation and using secure communication protocols where possible.
🔧 Temporary Workarounds
Network Segmentation and Isolation
Place affected devices in isolated network segments with strict access controls to limit exposure.
VPN or Encrypted Tunnel Implementation
Deploy VPNs or encrypted tunnels for all communications involving affected devices.
🧯 If You Can't Patch
- Implement strict network segmentation to isolate affected devices from untrusted networks
- Deploy network monitoring and intrusion detection systems to detect eavesdropping attempts
🔍 How to Verify
Check if Vulnerable:
Check if SIRIUS 3RK3 MSS or 3SK2 safety relays are deployed and communicating over unencrypted network protocols.
Check Version:
Check device firmware version through Siemens engineering tools (TIA Portal, STEP 7)
Verify Fix Applied:
Verify network segmentation is properly implemented and no unencrypted communications are accessible from untrusted networks.
📡 Detection & Monitoring
Log Indicators:
- Unusual network connection attempts to safety system ports
- Multiple failed authentication attempts
Network Indicators:
- Unencrypted traffic to/from safety system IP addresses on unusual ports
- Network sniffing tools detected in safety network segments
SIEM Query:
source_ip IN (safety_system_ips) AND protocol IN (unencrypted_protocols) AND dest_port NOT IN (expected_ports)
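The SIEM query above uses placeholder names, so the following is an added example (not from Siemens or from this page's database) that applies the same logic, plus the segmentation check from "Verify Fix Applied", to exported flow records. The IP addresses, the allowed subnet, port 50000, the CSV layout and the `encrypted` column are all assumptions to be replaced with site-specific values.

```python
import csv
import io
from ipaddress import ip_address, ip_network

# Assumptions: site-specific placeholders, not values from the advisory.
SAFETY_SYSTEM_IPS = {ip_address("192.0.2.10"), ip_address("192.0.2.11")}
ALLOWED_PEER_NETS = [ip_network("192.0.2.0/28")]  # hosts inside the safety segment
EXPECTED_PORTS = {50000}  # placeholder for the port your devices actually use

# Constructed flow records; "encrypted" is assumed to be set by the flow
# sensor (for example, traffic carried inside a VPN tunnel).
SAMPLE_FLOWS = """\
src_ip,dst_ip,dst_port,encrypted
192.0.2.5,192.0.2.10,50000,no
198.51.100.77,192.0.2.10,50000,no
192.0.2.5,192.0.2.11,8080,no
198.51.100.20,198.51.100.30,443,yes
192.0.2.10,203.0.113.9,50000,no
"""

def peer_allowed(ip):
    """True if the peer sits in a subnet permitted to talk to safety devices."""
    return any(ip in net for net in ALLOWED_PEER_NETS)

def review_flows(text):
    """Return (src, dst, port, reasons) for flows that touch a safety device and break policy."""
    findings = []
    for row in csv.DictReader(io.StringIO(text)):
        src, dst = ip_address(row["src_ip"]), ip_address(row["dst_ip"])
        port = int(row["dst_port"])
        if src in SAFETY_SYSTEM_IPS:
            peer = dst
        elif dst in SAFETY_SYSTEM_IPS:
            peer = src
        else:
            continue  # flow does not involve a safety device
        reasons = []
        # Cleartext that leaves the isolated segment is exposed to eavesdropping.
        if row["encrypted"] == "no" and not peer_allowed(peer):
            reasons.append("cleartext outside safety segment")
        # Mirrors "dest_port NOT IN (expected_ports)" from the SIEM query.
        if port not in EXPECTED_PORTS:
            reasons.append("unexpected port")
        if reasons:
            findings.append((str(src), str(dst), port, reasons))
    return findings

if __name__ == "__main__":
    for finding in review_flows(SAMPLE_FLOWS):
        print(finding)
```

An empty result over a representative capture window supports the "Verify Fix Applied" check; any finding points to a path where safety-system traffic is readable from outside the isolated segment.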