Siemens SIMATIC S7-1500, SIMATIC S7-1500 Software Controller and SIMATIC ET 200SP OpenController (Update A)

MonitorCVSS 5.3ICS-CERT ICSA-18-282-05Oct 9, 2018

Siemens

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

A denial of service vulnerability exists in Siemens SIMATIC S7-1500 CPU family (all versions from 2.0 to below 2.5), SIMATIC S7-1500 Software Controller (all versions from 2.0 to below 2.5), and SIMATIC ET 200SP Open Controller (all versions from 2.0 to below 2.1.6). An attacker with network access to these devices can send a malformed network packet that causes the CPU to stop processing or crash, requiring manual restart and interrupting process control operations. CWE-400: Uncontrolled Resource Consumption. CVSS v3.1: 5.3 (Medium) - AV:Network, AC:Low, PR:None, UI:None, Scope:Unchanged, C:None, I:None, A:Low.

What this means

What could happen

An attacker could send specially crafted network packets to cause a denial of service by stopping or crashing these programmable logic controllers, disrupting water treatment, electrical distribution, or other critical process control operations.

Who's at risk

Water utilities, electric utilities, and other industrial operators using Siemens SIMATIC S7-1500 programmable logic controllers, S7-1500 Software Controllers running in industrial control systems, or ET 200SP Open Controllers for process automation and control should assess their exposure.

How it could be exploited

An attacker with network access to the affected controller can send a malformed network packet that triggers a denial of service condition, causing the CPU to stop processing instructions or crash and require a manual restart.

Prerequisites

Network access to the affected controller on the control system network
No credentials or authentication required

remotely exploitableno authentication requiredlow complexityaffects safety-critical systems

Exploitability

Unlikely to be exploited — EPSS score 0.5%

Affected products (3)

3 with fix

ProductAffected VersionsFix Status

SIMATIC S7-1500 Software Controller: All≥ V2.0 and <V2.5v2.5 or newer

SIMATIC ET 200SP Open Controller (incl. SIPLUS variants): All≥ V2.0 and <V2.1.6v2.1.6 or newer

SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants): All≥ V2.0 and <V2.5v2.5 or newer

Remediation & Mitigation

0/6

Do now

0/1

WORKAROUNDRestrict network access to affected controllers using firewall rules and network segmentation

Schedule — requires maintenance window

0/3

Patching may require device reboot — plan for process interruption

HOTFIXUpdate SIMATIC S7-1500 CPU family to version 2.5 or newer

HOTFIXUpdate SIMATIC S7-1500 Software Controller to version 2.5 or newer

HOTFIXUpdate SIMATIC ET 200SP Open Controller to version 2.1.6 or newer

Long-term hardening

0/2

HARDENINGApply cell-protection concept to isolate critical control devices from general network access

HARDENINGImplement defense-in-depth security architecture to add multiple layers of protection around control system networks

CVEs (1)

CVE-2018-13805

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/8406280e-b037-450d-8113-7070935b0389

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.