
CVE-2025-24510: CWE-20: Improper Input Validation in Siemens MS/TP Point Pickup Module

Severity: Medium
Tags: Vulnerability, CVE-2025-24510, CWE-20
Published: Tue May 13 2025 (05/13/2025, 09:38:33 UTC)
Source: CVE
Vendor/Project: Siemens
Product: MS/TP Point Pickup Module

Description

A vulnerability has been identified in MS/TP Point Pickup Module (All versions). Affected devices improperly handle specific incoming BACnet MSTP messages. This could allow an attacker residing in the same BACnet network to send a specially crafted MSTP message that results in a denial of service condition of the targeted device. A power cycle is required to restore the device's normal operation.

AI-Powered Analysis

Last updated: 07/06/2025, 18:28:18 UTC

Technical Analysis

CVE-2025-24510 is a medium-severity vulnerability affecting Siemens MS/TP Point Pickup Modules, components of building automation systems that communicate over BACnet MSTP (Master-Slave/Token-Passing) networks. The vulnerability stems from improper input validation (CWE-20) of specific incoming BACnet MSTP messages. An attacker with access to the same BACnet MSTP network segment can send specially crafted MSTP messages that put the targeted device into a denial-of-service (DoS) state. The device remains non-functional until a manual power cycle restores normal operation. The vulnerability has no confidentiality or integrity impact, but its availability impact is high. Exploitation requires neither authentication nor user interaction, and the attack vector is adjacent network (AV:A), meaning the attacker must be on the same local BACnet MSTP network. The CVSS v3.1 base score is 6.5 (medium), reflecting the ease of exploitation and the availability impact in the absence of any effect on data confidentiality or integrity. No patches have been published yet, and no exploits are known to be in the wild. Siemens MS/TP Point Pickup Modules are widely used in industrial and commercial building automation for HVAC and related control, so this vulnerability is relevant to operational technology environments.

Potential Impact

For European organizations, this vulnerability poses a significant risk to building automation and industrial control systems that rely on Siemens MS/TP Point Pickup Modules. A successful exploitation can disrupt critical building functions such as heating, ventilation, air conditioning, and lighting control, potentially causing operational downtime, discomfort, and increased energy costs. In sensitive environments like hospitals, data centers, or manufacturing plants, such disruptions could lead to safety risks or production losses. Since the attack requires local network access, the threat is more pronounced in environments where BACnet MSTP networks are accessible or insufficiently segmented from general IT networks. The lack of confidentiality or integrity impact reduces the risk of data breaches, but the availability impact can affect business continuity and safety compliance. European organizations with integrated building management systems must consider this vulnerability in their risk assessments and incident response planning.

Mitigation Recommendations

1. Network Segmentation: Isolate BACnet MSTP networks from general IT networks and restrict access to authorized personnel and devices only. Use VLANs or physical separation to limit exposure.
2. Access Controls: Implement strict access control policies on BACnet MSTP networks, including monitoring and logging of network traffic to detect anomalous MSTP messages.
3. Device Hardening: Disable unused services and interfaces on Siemens MS/TP Point Pickup Modules to reduce the attack surface.
4. Monitoring and Detection: Deploy network intrusion detection systems (NIDS) capable of recognizing malformed or suspicious BACnet MSTP traffic patterns.
5. Incident Response: Prepare procedures for rapid power cycling of affected devices to restore service if a DoS attack occurs.
6. Vendor Coordination: Engage with Siemens for updates on patches or firmware upgrades addressing this vulnerability and plan timely deployment once available.
7. Physical Security: Ensure physical security controls prevent unauthorized personnel from accessing BACnet MSTP network hardware.

These measures go beyond generic advice by focusing on the unique characteristics of BACnet MSTP networks and the operational environment of building automation systems.
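As an added defensive example (not from this advisory, from Siemens, or from any NIDS product), the following Python validates the fixed 8-byte header that precedes every BACnet MS/TP frame: the kind of input validation the Technical Analysis says the device lacks (CWE-20), and the kind of header sanity check a monitoring sensor from recommendation 4 can apply to captured serial traffic. The advisory does not disclose which message triggers the fault, so the rules are generic ones taken from the ASHRAE 135 MS/TP frame format (preamble, Annex G header CRC, address and length bounds); the 501-byte data limit assumes classic (non-extended) frames, the sample frames are constructed, and the 16-bit data CRC is deliberately not verified here.

```python
# Constructed example: header validation for BACnet MS/TP frames.
# Frame layout (ASHRAE 135 clause 9):
#   0x55 0xFF | type | dst | src | length (2 bytes, MSB first) | header CRC | data | data CRC (2 bytes)
MSTP_PREAMBLE = b"\x55\xff"
MSTP_MAX_DATA_LEN = 501            # assumed: classic (non-extended) frame limit
MSTP_BROADCAST = 255               # valid as a destination only, never as a source
DATALESS_FRAME_TYPES = {0, 1, 2, 7}  # Token, Poll For Master, Reply To PFM, Reply Postponed


def crc8_header_step(data_byte: int, crc: int) -> int:
    """Feed one byte into the MS/TP header CRC (x^8 + x^7 + 1), as in ASHRAE 135 Annex G."""
    crc ^= data_byte
    crc = crc ^ (crc << 1) ^ (crc << 2) ^ (crc << 3) ^ (crc << 4) ^ (crc << 5) ^ (crc << 6) ^ (crc << 7)
    return (crc & 0xFE) ^ ((crc >> 8) & 1)


def header_crc(header5: bytes) -> int:
    """CRC over type, dst, src and the two length bytes; the frame carries its ones complement."""
    crc = 0xFF
    for b in header5:
        crc = crc8_header_step(b, crc)
    return (~crc) & 0xFF


def build_frame(frame_type: int, dst: int, src: int, data: bytes = b"", data_crc: bytes = b"\x00\x00") -> bytes:
    """Build constructed test frames; the data CRC is a caller-supplied placeholder (not checked)."""
    header5 = bytes([frame_type, dst, src]) + len(data).to_bytes(2, "big")
    frame = MSTP_PREAMBLE + header5 + bytes([header_crc(header5)])
    return frame + data + data_crc if data else frame


def validate_header(frame: bytes) -> tuple[bool, str]:
    """Return (accepted, reason). A receiver or sensor should drop or flag anything not accepted."""
    if len(frame) < 8:
        return False, "truncated: fewer than 8 header bytes"
    if frame[:2] != MSTP_PREAMBLE:
        return False, "bad preamble"
    frame_type, src = frame[2], frame[4]
    length = int.from_bytes(frame[5:7], "big")
    if header_crc(frame[2:7]) != frame[7]:
        return False, "header CRC mismatch"        # corrupted or forged header fields
    if src == MSTP_BROADCAST:
        return False, "broadcast address used as source"
    if frame_type in DATALESS_FRAME_TYPES and length != 0:
        return False, "control frame declares a data length"
    if length > MSTP_MAX_DATA_LEN:
        return False, "declared length exceeds MS/TP maximum"
    if length and len(frame) < 8 + length + 2:   # data plus its 16-bit CRC must be present
        return False, "declared length exceeds bytes actually received"
    return True, "ok"
```

Feeding the received CRC byte itself through `crc8_header_step` yields 0x55 for a valid header, which is the check form used by streaming receivers; the explicit comparison above is equivalent and easier to read in a sensor.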


Technical Details

Data Version: 5.1
Assigner Short Name: siemens
Date Reserved: 2025-01-22T12:55:35.805Z
CISA Enriched: true
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 682cd0fc1484d88663aeccac

Added to database: 5/20/2025, 6:59:08 PM

Last enriched: 7/6/2025, 6:28:18 PM

Last updated: 7/31/2025, 12:52:08 PM
