Siemens Sinumerik 840d Sl
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Siemens Sinumerik 840d Sl.
By the Year
In 2026 there have been 1 vulnerability in Siemens Sinumerik 840d Sl with an average score of 7.5 out of ten. Last year, in 2025 Sinumerik 840d Sl had 1 security vulnerability published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Sinumerik 840d Sl in 2026 could surpass last years number. Interestingly, the average vulnerability score and the number of vulnerabilities for 2026 and last year was the same.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 1 | 7.50 |
| 2025 | 1 | 7.50 |
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 3 | 7.17 |
| 2019 | 2 | 7.50 |
It may take a day or so for new Sinumerik 840d Sl vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Siemens Sinumerik 840d Sl Security Vulnerabilities
SIEMENS Device Null Pointer Dereference in IPv4 Request Parsing
CVE-2025-40833
7.5 - High
- May 12, 2026
The affected devices contain a null pointer dereference vulnerability while processing specially crafted IPv4 requests. This could allow an attacker to cause denial of service condition. A manual restart is required to recover the system.
NULL Pointer Dereference
TCP SeQ Validation Flaw Enables Remote DoS in TCP Services
CVE-2025-40820
7.5 - High
- December 09, 2025
Affected products do not properly enforce TCP sequence number validation in specific scenarios but accept values within a broad range. This could allow an unauthenticated remote attacker e.g. to interfere with connection setup, potentially leading to a denial of service. The attack succeeds only if an attacker can inject IP packets with spoofed addresses at precisely timed moments, and it affects only TCP-based services.
Improper Verification of Source of a Communication Channel
A vulnerability has been identified in SIMATIC S7-300 CPU family (incl
CVE-2020-15783
7.5 - High
- November 12, 2020
A vulnerability has been identified in SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC TDC CPU555 (All versions), SINUMERIK 840D sl (All versions). Sending multiple specially crafted packets to the affected devices could cause a Denial-of-Service on port 102. A cold restart is required to recover the service.
Resource Exhaustion
A vulnerability has been identified in SIMATIC S7-300 CPU family (incl
CVE-2020-15791
6.5 - Medium
- September 09, 2020
A vulnerability has been identified in SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 CPU family (incl. SIPLUS variants) (All versions), SIMATIC WinAC RTX (F) 2010 (All versions), SINUMERIK 840D sl (All versions). The authentication protocol between a client and a PLC via port 102/tcp (ISO-TSAP) insufficiently protects the transmitted password. This could allow an attacker that is able to intercept the network traffic to obtain valid PLC credentials.
Insufficiently Protected Credentials
A vulnerability has been identified in SIMATIC S7-300 CPU family (incl
CVE-2019-18336
7.5 - High
- March 10, 2020
A vulnerability has been identified in SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V3.X.17), SIMATIC TDC CP51M1 (All versions < V1.1.8), SIMATIC TDC CPU555 (All versions < V1.1.1), SINUMERIK 840D sl (All versions < V4.8.6), SINUMERIK 840D sl (All versions < V4.94). Specially crafted packets sent to port 102/tcp (Profinet) could cause the affected device to go into defect mode. A restart is required in order to recover the system. Successful exploitation requires an attacker to have network access to port 102/tcp, with no authentication. No user interation is required. At the time of advisory publication no public exploitation of this security vulnerability was known.
Resource Exhaustion
An attacker with network access to an affected product may cause a denial of service condition by breaking the real-time synchronization (IRT) of the affected installation.
CVE-2019-10923
7.5 - High
- October 10, 2019
An attacker with network access to an affected product may cause a denial of service condition by breaking the real-time synchronization (IRT) of the affected installation.
Resource Exhaustion
Affected devices improperly handle large amounts of specially crafted UDP packets
CVE-2019-10936
7.5 - High
- October 10, 2019
Affected devices improperly handle large amounts of specially crafted UDP packets. This could allow an unauthenticated remote attacker to trigger a denial of service condition.
Resource Exhaustion
Specially crafted packets sent to port 161/udp could cause a denial of service condition
CVE-2017-12741
7.5 - High
- December 26, 2017
Specially crafted packets sent to port 161/udp could cause a denial of service condition. The affected devices must be restarted manually.
Resource Exhaustion
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Siemens Sinumerik 840d Sl or by Siemens? Click the Watch button to subscribe.
