OTPulse

Siemens SIMATIC Logon

Monitor | CVSS 5.3 | ICS-CERT ICSA-17-192-01 | Jul 11, 2017
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

SIMATIC Logon contains an out-of-bounds write vulnerability (CWE-787) that is remotely exploitable without authentication. An attacker can send a specially crafted packet to the SIMATIC Logon Remote Access service on port 16389/TCP to trigger the vulnerability.

What this means
What could happen
An attacker could crash the SIMATIC Logon service, preventing engineers from remotely accessing and managing PLC systems. This could interrupt maintenance activities and make it harder to respond to operational issues.
Who's at risk
Water and electric utilities, wastewater systems, and any facility using Siemens SIMATIC Logon for remote engineering access to PLCs and automation equipment. This includes any organization that allows remote PLC management and diagnostics.
How it could be exploited
An attacker sends a malformed packet to port 16389/TCP of the SIMATIC Logon service. The out-of-bounds write causes a denial of service, crashing the remote access service and blocking legitimate engineering access.
Prerequisites
  • Network access to port 16389/TCP on the SIMATIC Logon service
  • No authentication or valid credentials required
remotely exploitable | no authentication required | low complexity | affects remote access to safety-critical systems
Exploitability
Low exploit probability (EPSS 1.0%)
Affected products (1)
Product | Affected Versions | Fix Status
SIMATIC Logon: All | < 1.6 | 1.6
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to port 16389/TCP of the SIMATIC Logon service using a firewall or network access controls, allowing only engineering workstations that need remote access
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Upgrade SIMATIC Logon to version 1.6 or later
Long-term hardening
HARDENING: Configure your environment according to Siemens Operational Guidelines for Industrial Security
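
To check that the port restriction in the workaround above is holding, this added example (not part of the advisory or any Siemens tooling) scans firewall log lines for allowed connections to 16389/TCP from sources outside an engineering-workstation allow-list. The log format, addresses and allow-list are constructed assumptions for illustration.

```python
import ipaddress
from collections import Counter

LOGON_PORT = 16389  # SIMATIC Logon Remote Access service port named in the advisory

# Assumption: engineering workstations permitted to reach the service (constructed).
ENGINEERING_ALLOWLIST = [ipaddress.ip_network(n) for n in ("10.20.30.0/28", "10.20.31.5/32")]

# Constructed sample log: timestamp src dst proto dport action (hypothetical format).
SAMPLE_LOG = """\
2017-07-12T08:01:11Z 10.20.30.4 10.50.0.10 tcp 16389 ALLOW
2017-07-12T08:03:42Z 10.20.31.5 10.50.0.10 tcp 16389 ALLOW
2017-07-12T08:05:09Z 192.168.77.23 10.50.0.10 tcp 16389 ALLOW
2017-07-12T08:05:10Z 192.168.77.23 10.50.0.10 tcp 16389 ALLOW
2017-07-12T08:06:30Z 172.16.4.9 10.50.0.10 tcp 16389 DENY
2017-07-12T08:07:00Z 192.168.77.23 10.50.0.10 tcp 443 ALLOW
2017-07-12T08:07:15Z 10.20.30.40 10.50.0.10 udp 16389 ALLOW
malformed line without enough fields
"""

def is_engineering_host(src):
    """True if the source address falls inside any allow-listed network."""
    return any(src in net for net in ENGINEERING_ALLOWLIST)

def find_violations(log_text):
    """Return (violations, skipped): allowed 16389/TCP flows from non-allow-listed sources."""
    violations, skipped = [], 0
    for line in log_text.splitlines():
        try:
            ts, src, dst, proto, dport, action = line.split()
            src_ip, port = ipaddress.ip_address(src), int(dport)
        except ValueError:
            skipped += 1  # wrong field count or unparsable address/port
            continue
        if proto.lower() != "tcp" or port != LOGON_PORT or action.upper() != "ALLOW":
            continue  # other ports/protocols and already-denied traffic are out of scope
        if not is_engineering_host(src_ip):
            violations.append((ts, src, dst))
    return violations, skipped

def summarize(violations):
    """Count violations per source address, most frequent first."""
    return Counter(src for _, src, _ in violations).most_common()

if __name__ == "__main__":
    found, skipped = find_violations(SAMPLE_LOG)
    for src, count in summarize(found):
        print(f"{src}: {count} allowed connection(s) to {LOGON_PORT}/TCP outside the allow-list")
    print(f"skipped {skipped} unparsable line(s)")
```

Any source this reports means the firewall rule is broader than the workaround intends and should be tightened.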