CVE-2025-24510

Vulnerability

Details

The Siemens MS/TP Point Pickup Module in all versions is affected by a denial of service vulnerability (CVE-2025-24510). The root cause is improper handling of specific incoming BACnet MSTP messages. This programming flaw means the device does not correctly validate or process certain MSTP frames, leading to a fault condition when a malicious packet arrives. [1]

Exploitation

An attacker must be on the same BACnet network as the targeted MS/TP Point Pickup Module. No authentication or prior interaction is required – the attacker only needs to send a specially crafted MSTP message to the device. The attack does not require a privileged network position as long as the attacker can communicate over the BACnet MSTP protocol. [1]

Impact

Once the crafted message is processed, the affected module enters a denial of service state. The device becomes unresponsive and stops performing its normal functions. To restore normal operation, a manual power cycle must be performed. There is no mention of data leakage or code execution; the impact is limited to availability. [1]

Mitigation

As of the publication date (2025-05-13), no fix is planned for this vulnerability. Siemens recommends following general security recommendations for BACnet networks, such as network segmentation, monitoring, and restricting access to the MSTP segment. Until a fix becomes available, administrators should rely on workarounds that prevent untrusted devices from sending MSTP messages to the module. [1]