TCP SeQ Validation Flaw Enables Remote DoS in TCP Services
CVE-2025-40820 Published on December 9, 2025

Affected products do not properly enforce TCP sequence number validation in specific scenarios but accept values within a broad range. This could allow an unauthenticated remote attacker e.g. to interfere with connection setup, potentially leading to a denial of service. The attack succeeds only if an attacker can inject IP packets with spoofed addresses at precisely timed moments, and it affects only TCP-based services.

NVD

Weakness Type

Improper Verification of Source of a Communication Channel

The software establishes a communication channel to handle an incoming request that has been initiated by an actor, but it does not properly verify that the request is coming from the expected origin. When an attacker can successfully establish a communication channel from an untrusted origin, the attacker may be able to gain privileges and access unexpected functionality.

Products Associated with CVE-2025-40820

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2025-40820 are published in Siemens Sinumerik 840d Sl:

Siemens Sinumerik 840d Sl

Affected Versions

Siemens SIDOOR ATD430W:

Before * is affected.

Siemens SIDOOR ATE530G COATED:

Before * is affected.

Siemens SIDOOR ATE530S COATED:

Before * is affected.

Siemens SIMATIC CFU DIQ:

Before V2.0.0 is affected.

Siemens SIMATIC CFU PA:

Before V2.0.0 is affected.

Siemens SIMATIC CFU PA:

Before V2.0.0 is affected.

Siemens SIMATIC ET 200AL IM 157-1 PN:

Before * is affected.

Siemens SIMATIC ET 200clean, CM 8x IO-Link:

Before * is affected.

Siemens SIMATIC ET 200clean, DI 16x24VDC:

Before * is affected.

Siemens SIMATIC ET 200clean, DIQ 16x24VDC/0,5A:

Before * is affected.

Siemens SIMATIC ET 200eco PN, AI 8xRTD/TC, M12-L:

Version V5.1.1 and below * is affected.

Siemens SIMATIC ET 200eco PN, CM 4x IO-Link, M12-L:

Version V5.1.1 and below * is affected.

Siemens SIMATIC ET 200eco PN, CM 8x IO-Link, M12-L:

Version V5.1.1 and below * is affected.

Siemens SIMATIC ET 200eco PN, CM 8x IO-Link, M12-L:

Version V5.1.1 and below * is affected.

Siemens SIMATIC ET 200eco PN, DI 16x24VDC, M12-L:

Version V5.1.1 and below * is affected.

Siemens SIMATIC ET 200eco PN, DI 8x24VDC, M12-L:

Version V5.1.1 and below * is affected.

Siemens SIMATIC ET 200eco PN, DIQ 16x24VDC/2A, M12-L:

Version V5.1.1 and below * is affected.

Siemens SIMATIC ET 200eco PN, DQ 8x24VDC/0,5A, M12-L:

Version V5.1.1 and below * is affected.

Siemens SIMATIC ET 200eco PN, DQ 8x24VDC/2A, M12-L:

Version V5.1.1 and below * is affected.

Siemens SIMATIC ET 200MP IM 155-5 PN HF:

Version V4.2.0 and below * is affected.

Siemens SIMATIC ET 200pro IM 154-8 PN/DP CPU:

Before * is affected.

Siemens SIMATIC ET 200pro IM 154-8F PN/DP CPU:

Before * is affected.

Siemens SIMATIC ET 200pro IM 154-8FX PN/DP CPU:

Before * is affected.

Siemens SIMATIC ET 200S IM 151-8 PN/DP CPU:

Before * is affected.

Siemens SIMATIC ET 200S IM 151-8F PN/DP CPU:

Before * is affected.

Siemens SIMATIC ET 200SP CPU 1510SP F-1 PN:

Before * is affected.

Siemens SIMATIC ET 200SP CPU 1510SP-1 PN:

Before * is affected.

Siemens SIMATIC ET 200SP CPU 1512SP F-1 PN:

Before * is affected.

Siemens SIMATIC ET 200SP CPU 1512SP-1 PN:

Before * is affected.

Siemens SIMATIC ET 200SP IM 155-6 MF HF:

Before * is affected.

Siemens SIMATIC ET 200SP IM 155-6 PN HA (incl. SIPLUS variants):

Before V1.3 is affected.

Siemens SIMATIC ET 200SP IM 155-6 PN HF:

Version V4.2.0 and below * is affected.

Siemens SIMATIC ET 200SP IM 155-6 PN/2 HF:

Version V4.2.0 and below * is affected.

Siemens SIMATIC ET 200SP IM 155-6 PN/3 HF:

Version V4.2.0 and below * is affected.

Siemens SIMATIC PN/MF Coupler:

Before * is affected.

Siemens SIMATIC PN/PN Coupler:

Before V6.0.0 is affected.

Siemens SIMATIC Power Line Booster PLB, Base Module:

Before * is affected.

Siemens SIMATIC Power Line Booster PLB, Modem Module ST:

Before * is affected.

Siemens SIMATIC S7-1200 CPU 1211C AC/DC/Rly:

Before V4.4.0 is affected.

Siemens SIMATIC S7-1200 CPU 1211C DC/DC/DC:

Before V4.4.0 is affected.

Siemens SIMATIC S7-1200 CPU 1211C DC/DC/Rly:

Before V4.4.0 is affected.

Siemens SIMATIC S7-1200 CPU 1212C AC/DC/Rly:

Before V4.4.0 is affected.

Siemens SIMATIC S7-1200 CPU 1212C DC/DC/DC:

Before V4.4.0 is affected.

Siemens SIMATIC S7-1200 CPU 1212C DC/DC/Rly:

Before V4.4.0 is affected.

Siemens SIMATIC S7-1200 CPU 1212FC DC/DC/DC:

Before V4.4.0 is affected.

Siemens SIMATIC S7-1200 CPU 1212FC DC/DC/Rly:

Before V4.4.0 is affected.

Siemens SIMATIC S7-1200 CPU 1214C AC/DC/Rly:

Before V4.4.0 is affected.

Siemens SIMATIC S7-1200 CPU 1214C DC/DC/DC:

Before V4.4.0 is affected.

Siemens SIMATIC S7-1200 CPU 1214C DC/DC/Rly:

Before V4.4.0 is affected.

Siemens SIMATIC S7-1200 CPU 1214FC DC/DC/DC:

Before V4.4.0 is affected.

Siemens SIMATIC S7-1200 CPU 1214FC DC/DC/Rly:

Before V4.4.0 is affected.

Siemens SIMATIC S7-1200 CPU 1215C AC/DC/Rly:

Before V4.4.0 is affected.

Siemens SIMATIC S7-1200 CPU 1215C DC/DC/DC:

Before V4.4.0 is affected.

Siemens SIMATIC S7-1200 CPU 1215C DC/DC/Rly:

Before V4.4.0 is affected.

Siemens SIMATIC S7-1200 CPU 1215FC DC/DC/DC:

Before V4.4.0 is affected.

Siemens SIMATIC S7-1200 CPU 1215FC DC/DC/Rly:

Before V4.4.0 is affected.

Siemens SIMATIC S7-1200 CPU 1217C DC/DC/DC:

Before V4.4.0 is affected.

Siemens SIMATIC S7-1500 CPU 1511-1 PN:

Before * is affected.

Siemens SIMATIC S7-1500 CPU 1511F-1 PN:

Before * is affected.

Siemens SIMATIC S7-1500 CPU 1513-1 PN:

Before * is affected.

Siemens SIMATIC S7-1500 CPU 1513F-1 PN:

Before * is affected.

Siemens SIMATIC S7-1500 CPU 1515-2 PN:

Before * is affected.

Siemens SIMATIC S7-1500 CPU 1515F-2 PN:

Before * is affected.

Siemens SIMATIC S7-1500 CPU 1516-3 PN/DP:

Before * is affected.

Siemens SIMATIC S7-1500 CPU 1516F-3 PN/DP:

Before * is affected.

Siemens SIMATIC S7-200 SMART CPU CR40:

Before * is affected.

Siemens SIMATIC S7-200 SMART CPU CR60:

Before * is affected.

Siemens SIMATIC S7-200 SMART CPU SR20:

Before * is affected.

Siemens SIMATIC S7-200 SMART CPU SR20:

Before * is affected.

Siemens SIMATIC S7-200 SMART CPU SR30:

Before * is affected.

Siemens SIMATIC S7-200 SMART CPU SR30:

Before * is affected.

Siemens SIMATIC S7-200 SMART CPU SR40:

Before * is affected.

Siemens SIMATIC S7-200 SMART CPU SR40:

Before * is affected.

Siemens SIMATIC S7-200 SMART CPU SR60:

Before * is affected.

Siemens SIMATIC S7-200 SMART CPU SR60:

Before * is affected.

Siemens SIMATIC S7-200 SMART CPU ST20:

Before * is affected.

Siemens SIMATIC S7-200 SMART CPU ST20:

Before * is affected.

Siemens SIMATIC S7-200 SMART CPU ST30:

Before * is affected.

Siemens SIMATIC S7-200 SMART CPU ST30:

Before * is affected.

Siemens SIMATIC S7-200 SMART CPU ST40:

Before * is affected.

Siemens SIMATIC S7-200 SMART CPU ST40:

Before * is affected.

Siemens SIMATIC S7-200 SMART CPU ST60:

Before * is affected.

Siemens SIMATIC S7-200 SMART CPU ST60:

Before * is affected.

Siemens SIMATIC S7-300 CPU 314C-2 PN/DP:

Before * is affected.

Siemens SIMATIC S7-300 CPU 315-2 PN/DP:

Before * is affected.

Siemens SIMATIC S7-300 CPU 315F-2 PN/DP:

Before * is affected.

Siemens SIMATIC S7-300 CPU 315T-3 PN/DP:

Before * is affected.

Siemens SIMATIC S7-300 CPU 317-2 PN/DP:

Before * is affected.

Siemens SIMATIC S7-300 CPU 317F-2 PN/DP:

Before * is affected.

Siemens SIMATIC S7-300 CPU 317T-3 PN/DP:

Before * is affected.

Siemens SIMATIC S7-300 CPU 317TF-3 PN/DP:

Before * is affected.

Siemens SIMATIC S7-300 CPU 319-3 PN/DP:

Before * is affected.

Siemens SIMATIC S7-300 CPU 319F-3 PN/DP:

Before * is affected.

Siemens SIMATIC S7-400 CPU 412-2 PN V7:

Before * is affected.

Siemens SIMATIC S7-400 CPU 414-3 PN/DP V7:

Before * is affected.

Siemens SIMATIC S7-400 CPU 414F-3 PN/DP V7:

Before * is affected.

Siemens SIMATIC S7-400 CPU 416-3 PN/DP V7:

Before * is affected.

Siemens SIMATIC S7-400 CPU 416F-3 PN/DP V7:

Before * is affected.

Siemens SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants):

Before * is affected.

Siemens SIMATIC S7-410 V10 CPU family (incl. SIPLUS variants):

Before V10.2 is affected.

Siemens SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants):

Before V8.3 is affected.

Siemens SIMATIC TDC CP51M1:

Before * is affected.

Siemens SIMATIC TDC CPU555:

Before * is affected.

Siemens SIMOCODE pro V Ethernet/IP (incl. SIPLUS variants):

Before * is affected.

Siemens SIMOCODE pro V PROFINET:

Before * is affected.

Siemens SINUMERIK 840D sl:

Before * is affected.

Siemens SIPLUS ET 200MP IM 155-5 PN HF:

Version V4.2.0 and below * is affected.

Siemens SIPLUS ET 200MP IM 155-5 PN HF:

Version V4.2.0 and below * is affected.

Siemens SIPLUS ET 200MP IM 155-5 PN HF T1 RAIL:

Version V4.2.0 and below * is affected.

Siemens SIPLUS ET 200S IM 151-8 PN/DP CPU:

Before * is affected.

Siemens SIPLUS ET 200S IM 151-8F PN/DP CPU:

Before * is affected.

Siemens SIPLUS ET 200SP CPU 1512SP F-1 PN:

Before * is affected.

Siemens SIPLUS ET 200SP IM 155-6 PN HF:

Version V4.2.0 and below * is affected.

Siemens SIPLUS ET 200SP IM 155-6 PN HF:

Version V4.2.0 and below * is affected.

Siemens SIPLUS ET 200SP IM 155-6 PN HF:

Version V4.2.0 and below * is affected.

Siemens SIPLUS ET 200SP IM 155-6 PN HF:

Version V4.2.0 and below * is affected.

Siemens SIPLUS ET 200SP IM 155-6 PN HF T1 RAIL:

Version V4.2.0 and below * is affected.

Siemens SIPLUS ET 200SP IM 155-6 PN HF T1 RAIL:

Version V4.2.0 and below * is affected.

Siemens SIPLUS ET 200SP IM 155-6 PN HF TX RAIL:

Version V4.2.0 and below * is affected.

Siemens SIPLUS HCS4200 CIM4210:

Before * is affected.

Siemens SIPLUS HCS4200 CIM4210C:

Before * is affected.

Siemens SIPLUS HCS4300 CIM4310:

Before * is affected.

Siemens SIPLUS NET PN/PN Coupler:

Before V6.0.0 is affected.

Siemens SIPLUS S7-1200 CPU 1212 AC/DC/RLY:

Before V4.4.0 is affected.

Siemens SIPLUS S7-1200 CPU 1212 DC/DC/RLY:

Before V4.4.0 is affected.

Siemens SIPLUS S7-1200 CPU 1212 DC/DC/RLY:

Before V4.4.0 is affected.

Siemens SIPLUS S7-1200 CPU 1212C AC/DC/RLY:

Before V4.4.0 is affected.

Siemens SIPLUS S7-1200 CPU 1212C DC/DC/DC:

Before V4.4.0 is affected.

Siemens SIPLUS S7-1200 CPU 1212C DC/DC/DC:

Before V4.4.0 is affected.

Siemens SIPLUS S7-1200 CPU 1212C DC/DC/DC RAIL:

Before V4.4.0 is affected.

Siemens SIPLUS S7-1200 CPU 1214 AC/DC/RLY:

Before V4.4.0 is affected.

Siemens SIPLUS S7-1200 CPU 1214 DC/DC/RLY:

Before V4.4.0 is affected.

Siemens SIPLUS S7-1200 CPU 1214C AC/DC/RLY:

Before V4.4.0 is affected.

Siemens SIPLUS S7-1200 CPU 1214C AC/DC/RLY:

Before V4.4.0 is affected.

Siemens SIPLUS S7-1200 CPU 1214C DC/DC/DC:

Before V4.4.0 is affected.

Siemens SIPLUS S7-1200 CPU 1214C DC/DC/DC:

Before V4.4.0 is affected.

Siemens SIPLUS S7-1200 CPU 1214C DC/DC/DC:

Before V4.4.0 is affected.

Siemens SIPLUS S7-1200 CPU 1214C DC/DC/DC RAIL:

Before V4.4.0 is affected.

Siemens SIPLUS S7-1200 CPU 1214C DC/DC/RLY:

Before V4.4.0 is affected.

Siemens SIPLUS S7-1200 CPU 1214C DC/DC/RLY:

Before V4.4.0 is affected.

Siemens SIPLUS S7-1200 CPU 1214FC DC/DC/DC:

Before V4.4.0 is affected.

Siemens SIPLUS S7-1200 CPU 1214FC DC/DC/RLY:

Before V4.4.0 is affected.

Siemens SIPLUS S7-1200 CPU 1215 AC/DC/RLY:

Before V4.4.0 is affected.

Siemens SIPLUS S7-1200 CPU 1215 AC/DC/RLY:

Before V4.4.0 is affected.

Siemens SIPLUS S7-1200 CPU 1215 DC/DC/DC:

Before V4.4.0 is affected.

Siemens SIPLUS S7-1200 CPU 1215 DC/DC/DC:

Before V4.4.0 is affected.

Siemens SIPLUS S7-1200 CPU 1215 DC/DC/RLY:

Before V4.4.0 is affected.

Siemens SIPLUS S7-1200 CPU 1215 DC/DC/RLY:

Before V4.4.0 is affected.

Siemens SIPLUS S7-1200 CPU 1215 DC/DC/RLY:

Before V4.4.0 is affected.

Siemens SIPLUS S7-1200 CPU 1215C AC/DC/RLY:

Before V4.4.0 is affected.

Siemens SIPLUS S7-1200 CPU 1215C DC/DC/DC:

Before V4.4.0 is affected.

Siemens SIPLUS S7-1200 CPU 1215FC DC/DC/DC:

Before V4.4.0 is affected.

Siemens SIPLUS S7-1500 CPU 1511-1 PN:

Before * is affected.

Siemens SIPLUS S7-1500 CPU 1511F-1 PN:

Before * is affected.

Siemens SIPLUS S7-1500 CPU 1513-1 PN:

Before * is affected.

Siemens SIPLUS S7-1500 CPU 1513F-1 PN:

Before * is affected.

Siemens SIPLUS S7-1500 CPU 1516-3 PN/DP:

Before * is affected.

Siemens SIPLUS S7-1500 CPU 1516-3 PN/DP:

Before * is affected.

Siemens SIPLUS S7-1500 CPU 1516F-3 PN/DP:

Before * is affected.

Siemens SIPLUS S7-300 CPU 314C-2 PN/DP:

Before * is affected.

Siemens SIPLUS S7-300 CPU 315-2 PN/DP:

Before * is affected.

Siemens SIPLUS S7-300 CPU 315F-2 PN/DP:

Before * is affected.

Siemens SIPLUS S7-300 CPU 317-2 PN/DP:

Before * is affected.

Siemens SIPLUS S7-300 CPU 317F-2 PN/DP:

Before * is affected.

Siemens SIPLUS S7-400 CPU 414-3 PN/DP V7:

Before * is affected.

Siemens SIPLUS S7-400 CPU 416-3 PN/DP V7:

Before * is affected.

Siemens SIWAREX WP231:

Before * is affected.

Siemens SIWAREX WP241:

Before * is affected.

Siemens SIWAREX WP251:

Before * is affected.

Siemens SIWAREX WP521 ST:

Before * is affected.

Siemens SIWAREX WP522 ST:

Before * is affected.

Exploit Probability

EPSS

0.09%

Percentile

26.02%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

TCP SeQ Validation Flaw Enables Remote DoS in TCP ServicesCVE-2025-40820 Published on December 9, 2025

Weakness Type

Improper Verification of Source of a Communication Channel

Products Associated with CVE-2025-40820

Affected Versions

Exploit Probability

TCP SeQ Validation Flaw Enables Remote DoS in TCP Services
CVE-2025-40820 Published on December 9, 2025