The SIMATIC CP 1623, CP 1626 and CP 1628 are PCI express cards for connection to industrial Ethernet. the SIMATIC CP 1604 and CP 1616 are PCI/PCI-104 cards for the connection of field devices to PROFINET industrial Ethernet. The Siemens SIMATIC CP devices suffer from an Improper Access Control vulnerability due to the kernel memory of the affected devices being exposed in user mode via Direct Memory Access (DMA), which can be exploited by an attacker to execute arbitrary code on the host system without any restrictions.