Siemens SPC Controller Series Denial-of-Service Vulnerability
Low Risk | ICS-CERT ICSA-15-064-03 | Dec 6, 2015
Summary
Siemens SPC Controller Series devices (SPC4000, SPC5000, SPC6000) versions prior to V3.6.0 are vulnerable to a denial-of-service condition due to improper input validation (CWE-400). An attacker could cause the controller to become unresponsive, disrupting process control operations.
What this means
What could happen
An attacker could render the SPC controller unresponsive, halting automated control of critical industrial processes until the device is manually recovered or rebooted.
Who's at risk
Water treatment plants, electric utilities, and other municipal operators running Siemens SPC4000, SPC5000, or SPC6000 series controllers. These devices are commonly used for supervisory control and data acquisition (SCADA) of pumps, valves, generators, and other critical infrastructure equipment.
How it could be exploited
An attacker with network access to the SPC controller could send specially crafted input that triggers improper resource handling, causing the controller to become unresponsive and unable to execute control logic or respond to commands.
Prerequisites
- Network access to the SPC controller
- No authentication required
remotely exploitable, no authentication required, no patch available, affects control system availability
Exploitability
Low exploit probability (EPSS 0.3%)
Affected products (3)
3 EOL
| Product | Affected Versions | Fix Status |
|---|---|---|
| SPC4000 series | <V3.6.0 | No fix (EOL) |
| SPC5000 series | <V3.6.0 | No fix (EOL) |
| SPC6000 series | <V3.6.0 | No fix (EOL) |
Remediation & Mitigation
Do now
HARDENING: Implement network segmentation to restrict external access to SPC controllers. Isolate the control network from corporate and internet-facing networks using firewalls or air-gapping.
WORKAROUND: Deploy rate limiting or input filtering rules on network devices upstream of SPC controllers to block or throttle potentially malicious requests.
Mitigations - no patch available
The following products have reached End of Life with no planned fix: SPC4000 series: <V3.6.0, SPC5000 series: <V3.6.0, SPC6000 series: <V3.6.0. Apply the following compensating controls:
HARDENING: Monitor for unusual network traffic or repeated failed connections to SPC controllers and investigate anomalies.
HARDENING: Maintain detailed documentation of SPC controller firmware versions deployed and establish an upgrade plan if patches become available.
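The segmentation and monitoring controls above can be checked against flow logs. The following Python is an added example, not part of the advisory or any Siemens tooling; the controller addresses, control subnet, thresholds and the flow record format are constructed assumptions to be replaced with site values.

```python
import ipaddress
from collections import defaultdict, deque

# Constructed site values (assumptions, not taken from the advisory).
CONTROLLERS = {"10.20.0.11", "10.20.0.12"}          # SPC controller addresses
CONTROL_NET = ipaddress.ip_network("10.20.0.0/24")  # segmented control network
WINDOW_S = 60     # sliding window, seconds
MAX_FAILED = 5    # failed connections per source/controller pair in the window

# Constructed flow records: epoch_seconds,src,dst,outcome
SAMPLE_FLOWS = """\
1000,10.20.0.5,10.20.0.11,ok
1002,192.168.7.40,10.20.0.11,ok
1010,10.20.0.9,10.20.0.12,failed
1015,10.20.0.9,10.20.0.12,failed
1020,10.20.0.9,10.20.0.12,failed
1025,10.20.0.9,10.20.0.12,failed
1030,10.20.0.9,10.20.0.12,failed
1200,10.20.0.7,10.20.0.11,failed
1300,10.20.0.5,10.20.0.50,failed
"""

def parse(text):
    """Yield (ts, src, dst, outcome) tuples, skipping blank lines."""
    for line in text.splitlines():
        if line.strip():
            ts, src, dst, outcome = line.strip().split(",")
            yield int(ts), src, dst, outcome

def detect(flows):
    """Return alerts for traffic that bypasses segmentation or fails repeatedly."""
    alerts = []
    failed = defaultdict(deque)  # (src, dst) -> timestamps of recent failures
    for ts, src, dst, outcome in flows:
        if dst not in CONTROLLERS:
            continue  # only traffic aimed at controllers is of interest
        if ipaddress.ip_address(src) not in CONTROL_NET:
            alerts.append((ts, "outside-segment", src, dst))
        if outcome != "ok":
            q = failed[(src, dst)]
            q.append(ts)
            while ts - q[0] > WINDOW_S:  # drop failures older than the window
                q.popleft()
            if len(q) == MAX_FAILED:     # alert when the threshold is reached
                alerts.append((ts, "repeated-failures", src, dst))
    return alerts

if __name__ == "__main__":
    for alert in detect(parse(SAMPLE_FLOWS)):
        print(alert)
```

An "outside-segment" alert means a source beyond the control subnet reached a controller, which points to a gap in the firewall rules rather than only to suspicious traffic.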
CVEs (1)