OTPulse

Siemens SIMATIC CP 44x-1 Redundant Network Access Modules

Act Now | CVSS 9.8 | ICS-CERT ICSA-17-173-01 | Jun 22, 2017
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

The SIMATIC CP 44x-1 RNA (Redundant Network Access) module contains an authentication bypass vulnerability (CWE-287) that allows unauthenticated remote attackers to execute arbitrary commands or reconfigure the module. The module does not properly validate requests on its network interfaces, permitting an attacker to interact with the device without providing credentials. This affects all versions prior to 1.4.1.

What this means
What could happen
An attacker without credentials could remotely execute commands on the redundant network access module, potentially disrupting communication between redundant PLC systems or altering their configuration, which could cause loss of process control or failover failures in critical infrastructure.
Who's at risk
Water utilities and electric utilities using Siemens SIMATIC redundancy control networks. The SIMATIC CP 44x-1 RNA modules are used to manage failover and redundancy between PLC systems in critical infrastructure. This affects any organization running SIMATIC automation platforms that rely on these modules for high-availability control systems.
How it could be exploited
An attacker on the network sends a malicious network packet to the SIMATIC CP 44x-1 RNA module on port 102 (or other exposed service ports). Because the module does not properly authenticate remote requests, the attacker can execute arbitrary commands or reconfigure the module without providing credentials. This could reroute traffic, poison the redundancy configuration, or inject malicious commands into the PLC network.
Prerequisites
  • Network reachability to the SIMATIC CP 44x-1 RNA module on its management or industrial protocol ports
  • No special credentials or authentication tokens required
remotely exploitable | no authentication required | low complexity | affects critical infrastructure redundancy | high CVSS score (9.8)
Exploitability
Moderate exploit probability (EPSS 4.2%)
Affected products (1)
Product | Affected Versions | Fix Status
SIMATIC CP 44x-1 RNA: all | < 1.4.1 | 1.4.1
Remediation & Mitigation
Do now
WORKAROUND: Implement network access controls to restrict connections to the SIMATIC CP 44x-1 RNA to authorized engineering workstations and PLCs only
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update SIMATIC CP 44x-1 RNA firmware to version 1.4.1 or later
Long-term hardening
HARDENING: Review and apply Siemens operational security guidelines for industrial control systems
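
One way to check the workaround and the firmware fix together, as an added example that is not part of the advisory or any Siemens tooling: it flags modules below firmware 1.4.1 and lists sources outside an allowlist that reached them on port 102. The module addresses, firmware inventory, allowlist ranges and flow records are constructed sample data, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample data (not from the advisory): module inventory, the
# allowlist of authorized peers, and flow records as (src, dst, dst_port).
FIXED_VERSION = (1, 4, 1)   # first fixed firmware version per the advisory
MODULE_PORT = 102           # port named in the advisory
MODULES = {"10.10.5.20": "1.3.0", "10.10.5.21": "1.4.1"}
AUTHORIZED = [ipaddress.ip_network(n) for n in ("10.10.5.0/28", "10.10.9.15/32")]
FLOWS = [
    ("10.10.5.3", "10.10.5.20", 102),     # PLC inside the authorized range
    ("10.10.9.15", "10.10.5.20", 102),    # engineering workstation
    ("192.168.40.7", "10.10.5.20", 102),  # host outside the allowlist
    ("192.168.40.7", "10.10.5.21", 102),
    ("192.168.40.7", "10.10.5.20", 443),  # other port, not counted here
]

def parse_version(text):
    """Turn '1.4.1' into (1, 4, 1) so versions compare numerically."""
    return tuple(int(part) for part in text.strip().split("."))

def is_vulnerable(firmware):
    return parse_version(firmware) < FIXED_VERSION

def is_authorized(src):
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in AUTHORIZED)

def audit(modules, flows):
    """Per module: firmware status and unauthorized sources seen on port 102."""
    report = {ip: {"vulnerable": is_vulnerable(fw), "unauthorized": set()}
              for ip, fw in modules.items()}
    for src, dst, port in flows:
        if dst in report and port == MODULE_PORT and not is_authorized(src):
            report[dst]["unauthorized"].add(src)
    return report

def priority(entry):
    """Rank findings: unpatched and reachable from outside the allowlist first."""
    if entry["vulnerable"] and entry["unauthorized"]:
        return "patch and restrict now"
    if entry["vulnerable"]:
        return "schedule firmware update"
    return "tighten ACL" if entry["unauthorized"] else "ok"

if __name__ == "__main__":
    for ip, entry in audit(MODULES, FLOWS).items():
        print(ip, priority(entry), sorted(entry["unauthorized"]))
```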