{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-22925/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.5,"id":"CVE-2026-22925"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["SIMATIC CN 4100 (\u003c V5.0)"],"_cs_severities":["medium"],"_cs_tags":["dos","resource-exhaustion","cve-2026-22925"],"_cs_type":"advisory","_cs_vendors":["Siemens AG"],"content_html":"\u003cp\u003eSiemens SIMATIC CN 4100 is vulnerable to a resource exhaustion attack (CVE-2026-22925) affecting all versions prior to V5.0. An attacker can exploit this vulnerability by sending a high volume of TCP SYN packets to the affected device. This leads to the exhaustion of system resources, ultimately causing a denial-of-service (DoS) condition. Successful exploitation renders the SIMATIC CN 4100 service unavailable, impacting operational continuity. This vulnerability is a significant concern for organizations relying on SIMATIC CN 4100 for critical network functions, as it can disrupt services and potentially lead to financial or operational losses.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies a SIMATIC CN 4100 device running a version prior to V5.0.\u003c/li\u003e\n\u003cli\u003eThe attacker establishes a TCP connection with the target device.\u003c/li\u003e\n\u003cli\u003eThe attacker floods the target with a high volume of TCP SYN packets.\u003c/li\u003e\n\u003cli\u003eThe device attempts to allocate resources for each incoming SYN packet.\u003c/li\u003e\n\u003cli\u003eDue to the high volume, the device\u0026rsquo;s memory and CPU resources are rapidly consumed.\u003c/li\u003e\n\u003cli\u003eThe device becomes unresponsive to legitimate requests.\u003c/li\u003e\n\u003cli\u003eThe SIMATIC CN 4100 service becomes unavailable.\u003c/li\u003e\n\u003cli\u003eA denial-of-service condition is achieved, disrupting network operations.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-22925 results in a denial-of-service condition on the SIMATIC CN 4100 device. This can disrupt network operations and potentially lead to financial losses due to downtime. The number of affected devices and sectors is unknown, but any organization using vulnerable versions of SIMATIC CN 4100 is at risk. If the attack succeeds, critical network functions may be unavailable, leading to operational disruptions and potential safety concerns.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade SIMATIC CN 4100 to version V5.0 or later to patch CVE-2026-22925, as per the Siemens advisory.\u003c/li\u003e\n\u003cli\u003eImplement rate limiting on network devices to mitigate the impact of TCP SYN floods, as the vulnerability is triggered by a high volume of SYN packets.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect Suspicious TCP SYN Flood\u003c/code\u003e to identify potential exploitation attempts targeting SIMATIC CN 4100 devices.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-12T10:20:17Z","date_published":"2026-05-12T10:20:17Z","id":"https://feed.craftedsignal.io/briefs/2026-05-cve-2026-22925/","summary":"Siemens SIMATIC CN 4100 versions before V5.0 are vulnerable to resource exhaustion due to processing a high volume of TCP SYN packets, leading to a denial-of-service condition.","title":"CVE-2026-22925: Siemens SIMATIC CN 4100 Resource Exhaustion via TCP SYN Flood","url":"https://feed.craftedsignal.io/briefs/2026-05-cve-2026-22925/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2026-22925","version":"https://jsonfeed.org/version/1.1"}