Simatic et 200mp im 155-5 pn hf

This hub aggregates every CVE we track for Simatic et 200mp im 155-5 pn hf, a product in the ics ot iot space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 11 most recently published vulnerabilities affecting Simatic et 200mp im 155-5 pn hf.

• CVE-2025-40944A vulnerability has been identified in SIMATIC ET 200AL IM 157-1 PN (6ES7157-1AB00-0AB0) (All versions), SIMATIC ET 200MP IM 155-5 PN HF (6ES7155-5AA00-0AC0) (All versions >= V4.2.0), SIMATIC ET 20...7.5Jan 13, 2026
• CVE-2025-40820Affected products do not properly enforce TCP sequence number validation in specific scenarios but accept values within a broad range. This could allow an unauthenticated remote attacker e.g. to in...7.5Dec 9, 2025
• CVE-2024-23814The integrated ICMP service of the network stack of affected devices can be forced to exhaust its available memory resources when receiving specially crafted messages targeting IP fragment re-asse...5.3Feb 11, 2025
• CVE-2022-25622The PROFINET (PNIO) stack, when integrated with the Interniche IP stack, improperly handles internal resources for TCP segments where the minimum TCP-Header length is less than defined. This could...5.3Apr 12, 2022
• CVE-2019-19300A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P, KTK ATE530S, SIDOOR ATD430W, SIDOOR ATE...7.5Apr 14, 2020
• CVE-2019-13946Profinet-IO (PNIO) stack versions prior V06.00 do not properly limit internal resource allocation when multiple legitimate diagnostic package requests are sent to the DCE-RPC interface. This could ...7.5Feb 11, 2020
• CVE-2019-10923An attacker with network access to an affected product may cause a denial of service condition by breaking the real-time synchronization (IRT) of the affected installation.7.5Oct 10, 2019
• CVE-2019-10936Affected devices improperly handle large amounts of specially crafted UDP packets. This could allow an unauthenticated remote attacker to trigger a denial of service condition.7.5Oct 10, 2019
• CVE-2017-12741Specially crafted packets sent to port 161/udp could cause a denial of service condition. The affected devices must be restarted manually.7.5Dec 26, 2017
• CVE-2017-2681Specially crafted PROFINET DCP packets sent on a local Ethernet segment (Layer 2) to an affected product could cause a denial of service condition of that product. Human interaction is required to ...6.5May 11, 2017
• CVE-2017-2680Specially crafted PROFINET DCP broadcast packets could cause a denial of service condition of affected products on a local Ethernet segment (Layer 2). Human interaction is required to recover the s...6.5May 11, 2017