CVE-2025-24510

low-risk

Published 2025-05-13

A vulnerability has been identified in MS/TP Point Pickup Module (All versions). Affected devices improperly handle specific incoming BACnet MSTP messages. This could allow an attacker residing in the same BACnet network to send a specially crafted MSTP message that results in a denial of service condition of the targeted device. A power cycle is required to restore the device's normal operation.

Do I need to act?

0.13% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.5/10 Medium

ADJACENT_NETWORK / LOW complexity

References (1)

https://cert-portal.siemens.com/productcert/html/ssa-668154.html

/ 100

low-risk

Severity 21/34 · High

Exploitability 1/34 · Minimal

Exposure 5/34 · Minimal