CVE-2025-24510
📋 TL;DR
A vulnerability in Siemens MS/TP Point Pickup Module allows attackers on the same BACnet network to send specially crafted MSTP messages, causing a denial of service that requires a power cycle to restore normal operation. This affects all versions of the MS/TP Point Pickup Module used in building automation systems.
💻 Affected Systems
- Siemens MS/TP Point Pickup Module
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Critical building automation systems become unavailable, disrupting HVAC, lighting, or security controls until manual power cycling is performed.
Likely Case
Targeted devices become unresponsive, requiring physical intervention to restore functionality, causing operational disruption.
If Mitigated
Network segmentation prevents attackers from reaching vulnerable devices, limiting impact to isolated segments.
🎯 Exploit Status
Exploitation requires BACnet MSTP network access but no authentication; crafting malicious packets is straightforward.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Contact Siemens for specific firmware updates
Vendor Advisory: https://cert-portal.siemens.com/productcert/html/ssa-668154.html
Restart Required: Yes
Instructions:
1. Contact Siemens support for firmware updates
2. Download updated firmware from Siemens portal
3. Follow vendor instructions to flash firmware
4. Power cycle device after update
🔧 Temporary Workarounds
Network Segmentation
Isolate BACnet MSTP networks from general corporate networks using firewalls or VLANs
Traffic Filtering
Implement network controls to filter or monitor suspicious BACnet MSTP traffic
🧯 If You Can't Patch
- Implement strict network access controls to limit BACnet MSTP traffic to authorized sources only
- Monitor network traffic for abnormal MSTP patterns and establish incident response procedures for DoS events
🔍 How to Verify
Check if Vulnerable:
Check device model and firmware version against Siemens advisory; devices running MS/TP Point Pickup Module are vulnerable
Check Version:
Consult Siemens documentation for device-specific version checking commands
Verify Fix Applied:
Verify firmware version has been updated to patched version provided by Siemens
📡 Detection & Monitoring
Log Indicators:
- Device logs showing unexpected restarts or communication failures
- BACnet MSTP protocol errors in network monitoring tools
Network Indicators:
- Unusual volume or patterns of BACnet MSTP messages
- MSTP frames with malformed structure targeting specific devices
SIEM Query:
Search for BACnet MSTP protocol anomalies or device unavailability alerts in building management systems
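One way to act on the malformed-frame indicator above, as an added example (not Siemens code and not part of the original page): a Python checker that validates the MS/TP header CRC, length field and data CRC of captured frames and counts malformed frames per destination address. The sample frames are constructed, and the 501-octet length limit and a capture format of one frame per record are assumptions.

```python
# Added example: passive structural checks on captured BACnet MS/TP frames.
from collections import Counter

PREAMBLE = b"\x55\xff"
MAX_DATA_LEN = 501  # assumption: site limit for the length field; tune as needed

def header_crc(header: bytes) -> int:
    """CRC-8 over type, destination, source, length (ASHRAE 135 Annex G)."""
    crc = 0xFF
    for byte in header:
        x = crc ^ byte
        c = x
        for shift in range(1, 8):
            c ^= x << shift
        crc = (c & 0xFE) ^ ((c >> 8) & 1)
    return crc ^ 0xFF  # the ones' complement is what goes on the wire

def data_crc(data: bytes) -> int:
    """CRC-16 over the data field (reflected CCITT polynomial, complemented)."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0x8408 if crc & 1 else crc >> 1
    return crc ^ 0xFFFF

def check_frame(raw: bytes) -> list:
    """Return findings for one captured frame; an empty list means well-formed."""
    if len(raw) < 8:
        return ["truncated header"]
    findings = []
    if raw[:2] != PREAMBLE:
        findings.append("bad preamble")
    if header_crc(raw[2:7]) != raw[7]:
        findings.append("header CRC mismatch")
    declared, body = int.from_bytes(raw[5:7], "big"), raw[8:]
    if declared > MAX_DATA_LEN:
        findings.append("length field over limit")
    if declared and len(body) != declared + 2:
        findings.append("length field disagrees with captured bytes")
    elif declared and data_crc(body[:-2]) != int.from_bytes(body[-2:], "little"):
        findings.append("data CRC mismatch")
    return findings

def malformed_by_destination(frames) -> dict:
    """Count malformed frames per destination MAC to spot a targeted device."""
    hits = Counter(f[3] for f in frames if len(f) > 3 and check_frame(f))
    return dict(hits)

# Constructed samples: a valid token (station 0x05 to 0x10), then two damaged frames.
TOKEN = bytes.fromhex("55ff00100500008c")
_HDR = bytes.fromhex("0510050004")  # declares 4 data octets, only 2 follow
SAMPLES = [TOKEN, TOKEN[:7] + b"\x00", PREAMBLE + _HDR + bytes([header_crc(_HDR)]) + b"\x01\x02"]
```

A rising per-destination count from `malformed_by_destination` is the signal to correlate with the device restarts and communication failures listed under Log Indicators.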