Siemens SIMATIC NET PC-Software Denial-of-Service Vulnerability
Monitor | 5.3 | ICS-CERT ICSA-16-208-02 | Apr 29, 2016
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
SIMATIC NET PC-Software versions 13 and earlier (before Service Pack 2) contain a denial-of-service vulnerability in network packet handling. The vulnerability allows an attacker to send a crafted network packet that causes the software to crash or stop responding. No user interaction or prior authentication is required. The affected product is end-of-life and Siemens has not released a security update.
What this means
What could happen
An attacker with network access can send a specially crafted packet to cause the SIMATIC NET PC-Software to crash or become unresponsive, disrupting communication between engineering workstations and SIMATIC controllers on your network.
Who's at risk
This affects operators and engineers who use SIMATIC NET PC-Software to commission, monitor, or maintain Siemens SIMATIC PLCs and industrial controllers. Any site running V13 SP2 or earlier on an engineering workstation connected to your automation network is at risk, particularly if remote engineering access or vendor support connections are used.
How it could be exploited
An attacker can remotely send a malformed network packet to the SIMATIC NET PC-Software service listening on the network. The vulnerability in packet handling causes the application to stop responding or crash without requiring authentication or user interaction.
Prerequisites
- Network reachability to the SIMATIC NET PC-Software service port (default: UDP/502 or TCP/102)
- SIMATIC NET PC-Software running and listening on the network
- Version 13 Service Pack 2 or earlier deployed
Tags: remotely exploitable; no authentication required; low complexity; no patch available; affects engineering access and system availability
Exploitability
Low exploit probability (EPSS 0.9%)
Affected products (1)
Product | Affected Versions | Fix Status
SIMATIC NET PC-Software: <V13_SP2 | <V13 SP2 | No fix (EOL)
Remediation & Mitigation
Do now
- HARDENING: Isolate SIMATIC NET PC-Software systems on a separate engineering network segment with firewall rules restricting inbound network access to only necessary workstations
- WORKAROUND: Disable remote network access to SIMATIC NET PC-Software if it is not required for your operations; configure the software to listen only on localhost or specific trusted IPs
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HARDENING: Monitor network traffic for unexpected packets to SIMATIC NET PC-Software ports and implement network-based filtering to drop malformed packets
- HOTFIX: Plan upgrade or replacement of SIMATIC NET PC-Software to a newer version outside the V13 product line when a maintenance window permits
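The monitoring and allowlisting steps above, sketched as an added example (not part of the advisory and not Siemens tooling): it scans flow records for traffic to the ports listed under Prerequisites and flags any source outside the permitted engineering workstations. The allowlisted networks, the flow-record format, and the sample lines are constructed assumptions.

```python
import ipaddress

# Ports this advisory lists for the SIMATIC NET PC-Software service.
WATCHED = {("udp", 502), ("tcp", 102)}

# Assumption: engineering workstations permitted to reach the service.
ALLOWED_SOURCES = [ipaddress.ip_network(n) for n in ("10.20.30.0/28", "10.20.31.5/32")]

# Constructed sample flow records: "timestamp proto src_ip src_port dst_ip dst_port"
SAMPLE_FLOWS = """\
2016-04-29T08:00:01Z tcp 10.20.30.4 49152 10.20.40.10 102
2016-04-29T08:00:07Z tcp 192.0.2.77 51515 10.20.40.10 102
2016-04-29T08:00:09Z udp 10.20.31.5 40000 10.20.40.10 502
2016-04-29T08:00:12Z udp 198.51.100.9 40001 10.20.40.10 502
2016-04-29T08:00:15Z tcp 192.0.2.77 51600 10.20.40.10 443
not a flow record
"""

def parse_flow(line):
    """Return (ts, proto, src, dst, dport), or None if the line does not parse."""
    parts = line.split()
    if len(parts) != 6:
        return None
    ts, proto, src, _sport, dst, dport = parts
    try:
        return ts, proto.lower(), ipaddress.ip_address(src), ipaddress.ip_address(dst), int(dport)
    except ValueError:
        return None

def unexpected_flows(text, allowed=ALLOWED_SOURCES, watched=WATCHED):
    """Return (alerts, skipped): flows to a watched port from a non-allowlisted source."""
    alerts, skipped = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = parse_flow(line)
        if rec is None:
            skipped += 1  # count unparsable lines so gaps in coverage are visible
            continue
        ts, proto, src, dst, dport = rec
        if (proto, dport) in watched and not any(src in net for net in allowed):
            alerts.append((ts, proto, str(src), str(dst), dport))
    return alerts, skipped

if __name__ == "__main__":
    alerts, skipped = unexpected_flows(SAMPLE_FLOWS)
    for a in alerts:
        print("ALERT unexpected source to SIMATIC NET port:", *a)
    print("unparsed lines:", skipped)
```

The same allowlist can drive the firewall rules for the engineering segment, so that detection and filtering stay in agreement.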
CVEs (1)