ICSA-18-060-01_Siemens SIMATIC, SIMOTION, and SINUMERIK (Update A)
Plan Patch | 8.2 | ICS-CERT ICSA-18-060-01 | Mar 1, 2018
Attack Vector: Local
Auth Required: High
Complexity: Low
User Interaction: None needed
Summary
Siemens SIMATIC, SIMOTION, and SINUMERIK products contain a privilege escalation vulnerability (CWE-284) affecting multiple industrial PCs, panel-mount controllers, and CNC control units. The vulnerability requires high privilege and local access to exploit but can escalate attacker capabilities across system boundaries and affect system confidentiality, integrity, and availability.
What this means
What could happen
An attacker with administrative access to an affected Siemens control system could escalate privileges to compromise system integrity and confidentiality, potentially altering production settings, stopping manufacturing processes, or disrupting CNC machine operation.
Who's at risk
Manufacturing facilities using Siemens SIMATIC industrial PCs (IPC series), SIMOTION motion controllers, and SINUMERIK CNC control units, as well as field programming devices and HMI panels. This affects production control, machine tool operation, and process automation systems in discrete manufacturing, automotive, and machine tool environments.
How it could be exploited
An attacker must first gain high-privilege local access (e.g., physical access or remote code execution as administrator) on an affected SIMATIC, SIMOTION, or SINUMERIK device. Once local, they can exploit the privilege escalation flaw to escalate capabilities beyond their current privilege level, compromising the operating system and process control functions.
Prerequisites
- Local or remote access to the device operating system with administrator/high-privilege credentials
- Physical access or prior remote code execution as a privileged user
- Local access required but could follow remote compromise
- High privilege needed but attacker already has system access
- Affects confidentiality, integrity, and availability of control systems
- Wide range of affected product lines increases scope of risk
- CNC and motion control systems critical to production
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
Product: SINUMERIK PCU50.5-P WINXP: ME prior to V6.2.61.3535
Affected Versions: < 6.2.61.3535
Fix Status: 6.2.61.3535 or higher
Remediation & Mitigation
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HOTFIX: Update SIMATIC Field-PG M3 to version V6.2.61.3535 or higher
- HOTFIX: Update SIMATIC Field-PG M4 to version V18.01.06 or higher
- HOTFIX: Update SIMATIC Field-PG M5 to version V22.01.04 or higher
- HOTFIX: Update SIMATIC HMI IPC677C to version V6.2.61.3535 or higher
- HOTFIX: Update SIMATIC IPC427D to version V17.0.10 or higher
- HOTFIX: Update SIMATIC IPC427E to version V21.01.07 or higher
- HOTFIX: Update SIMATIC IPC477D to version V17.0.10 or higher
- HOTFIX: Update SIMATIC IPC477D PRO to version V17.0.10 or higher
- HOTFIX: Update SIMATIC IPC477E to version V21.01.07 or higher
- HOTFIX: Update SIMATIC IPC547D to version V7.1.91.3272 or higher
- HOTFIX: Update SIMATIC IPC547E to version V9.1.41.3024 or higher
- HOTFIX: Update SIMATIC IPC547G to version V11.8.50.3425 and R1.21.0 or higher
- HOTFIX: Update SIMATIC IPC627C to version V6.2.61.3535 or higher
- HOTFIX: Update SIMATIC IPC627D to version V9.1.41.3024 or higher
- HOTFIX: Update SIMATIC IPC647C to version V6.2.61.3535 or higher
- HOTFIX: Update SIMATIC IPC647D to version V9.1.41.3024 or higher
- HOTFIX: Update SIMATIC IPC677D to version V9.1.41.3024 or higher
- HOTFIX: Update SIMATIC IPC827C to version V6.2.61.3535 or higher
- HOTFIX: Update SIMATIC IPC827D to version V9.1.41.3024 or higher
- HOTFIX: Update SIMATIC IPC847C to version V6.2.61.3535 or higher
- HOTFIX: Update SIMATIC IPC847D to version V9.1.41.3024 or higher
- HOTFIX: Update SIMATIC ITP1000 to version V23.01.03 or higher
- HOTFIX: Update SINUMERIK PCU50.5-C WIN7 to version V6.2.61.3535 or higher
- HOTFIX: Update SINUMERIK PCU50.5-C WINXP to version V6.2.61.3535 or higher
- HOTFIX: Update SINUMERIK PCU50.5-P WIN7 to version V6.2.61.3535 or higher
- HOTFIX: Update SINUMERIK PCU50.5-P WINXP to version V6.2.61.3535 or higher
- HOTFIX: Update SIMOTION P320-4S to version S17.02.06.83.1 or higher
Long-term hardening
- HARDENING: Restrict local console and remote administrative access to engineering staff and trusted accounts only
- HARDENING: Implement physical security controls to prevent unauthorized local access to affected devices