Siemens 7KT PAC1200 Data Manager

Plan PatchCVSS 9.8ICS-CERT ICSA-17-278-02Oct 5, 2017

Siemens

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

A remote code execution vulnerability exists in the Siemens 7KT PAC1200 data manager (model 7KT1260) from the SENTRON portfolio. The device fails to properly authenticate remote connections, allowing an attacker to execute arbitrary code without credentials. The vulnerability affects all firmware versions earlier than 2.03. Siemens has released firmware Version 2.03 as a fix and recommends updating to this version immediately. As a compensating control, administrators should restrict network access to the device using firewall rules and follow Siemens operational security guidelines to isolate the device in a protected environment.

What this means

What could happen

An attacker can remotely execute commands on the 7KT PAC1200 data manager without credentials, potentially disrupting power metering and energy data collection across your facility or allowing unauthorized modification of power monitoring settings.

Who's at risk

Electric utilities, energy management operations, and facilities using Siemens SENTRON 7KT PAC1200 data managers for power metering, monitoring, and energy data collection. The device typically sits on the plant network collecting real-time electrical consumption and power quality data from switchgear.

How it could be exploited

An attacker on the network can connect directly to the device and send a specially crafted request to trigger unauthenticated remote code execution. No prior authentication or complex interaction is required.

Prerequisites

Network access to the 7KT PAC1200 device
No valid credentials required
Device firmware version earlier than 2.03

remotely exploitableno authentication requiredlow complexitycritical CVSS (9.8)power metering/monitoring disruption possible

Exploitability

Some exploitation risk — EPSS score 2.6%

Affected products (1)

ProductAffected VersionsFix Status

7KT PAC1200 data manager: All< 2.03V2.03

Remediation & Mitigation

0/3

Do now

0/1

WORKAROUNDRestrict network access to the 7KT PAC1200 using firewall rules; only allow connections from authorized engineering workstations and management systems

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate 7KT PAC1200 firmware to version 2.03 or later from Siemens support site

Long-term hardening

0/1

HARDENINGSegment the device onto a dedicated VLAN or industrial network isolated from general IT infrastructure

CVEs (1)

CVE-2017-9944

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/9998565b-171e-4dca-901a-a02a04c2ebb5

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.