CVE-2026-54429 PUBLISHED

Assigner: siemens
Reserved: 15.06.2026 Published: 14.07.2026 Updated: 14.07.2026

A vulnerability has been identified in SIMATIC S7-PLCSIM Advanced (All versions). Affected devices do not properly handle high-volume multicast network traffic, which can exhaust available memory resources in the affected application. This could allow an unauthenticated attacker on the local network segment to cause a denial-of-service condition of the affected application. The affected application becomes inaccessible and requires a manual restart; no project data is lost. Successful exploitation requires a specific project configuration to be already active on the targeted instance.

Metrics

CVSS Vector: CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
CVSS Score: 6

Product Status

Vendor Siemens
Product SIMATIC S7-PLCSIM Advanced
Versions Default: unknown
  • affected from 0 to * (excl.)

References

Problem Types

  • CWE-770: Allocation of Resources Without Limits or Throttling CWE