OTPulse

Siemens SIMATIC S7-1500, SIMATIC S7-1500 Software Controller and SIMATIC ET 200SP OpenController (Update A)

Monitor · 5.3 · ICS-CERT ICSA-18-282-05 · Oct 9, 2018
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

A denial of service vulnerability exists in Siemens SIMATIC S7-1500 CPU family (all versions from 2.0 to below 2.5), SIMATIC S7-1500 Software Controller (all versions from 2.0 to below 2.5), and SIMATIC ET 200SP Open Controller (all versions from 2.0 to below 2.1.6). An attacker with network access to these devices can send a malformed network packet that causes the CPU to stop processing or crash, requiring manual restart and interrupting process control operations. CWE-400: Uncontrolled Resource Consumption. CVSS v3.1: 5.3 (Medium) - AV:Network, AC:Low, PR:None, UI:None, Scope:Unchanged, C:None, I:None, A:Low.

What this means
What could happen
An attacker could send specially crafted network packets to cause a denial of service by stopping or crashing these programmable logic controllers, disrupting water treatment, electrical distribution, or other critical process control operations.
Who's at risk
Water utilities, electric utilities, and other industrial operators using Siemens SIMATIC S7-1500 programmable logic controllers, S7-1500 Software Controllers running in industrial control systems, or ET 200SP Open Controllers for process automation and control should assess their exposure.
How it could be exploited
An attacker with network access to the affected controller can send a malformed network packet that triggers a denial of service condition, causing the CPU to stop processing instructions or crash and require a manual restart.
Prerequisites
  • Network access to the affected controller on the control system network
  • No credentials or authentication required
remotely exploitable · no authentication required · low complexity · affects safety-critical systems
Exploitability
Low exploit probability (EPSS 0.5%)
Affected products (3)
3 with fix
Product | Affected Versions | Fix Status
SIMATIC S7-1500 Software Controller: All | ≥ V2.0 and < V2.5 | v2.5 or newer
SIMATIC ET 200SP Open Controller (incl. SIPLUS variants): All | ≥ V2.0 and < V2.1.6 | v2.1.6 or newer
SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants): All | ≥ V2.0 and < V2.5 | v2.5 or newer
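
An added example, not part of the advisory: a firmware triage check that applies the affected ranges from the table above to an asset inventory. The inventory rows and asset names are constructed, and the product strings are shortened forms of the table's product names.

```python
import re

# Affected ranges from the advisory table: (first affected, first fixed).
AFFECTED = {
    "SIMATIC S7-1500 CPU family": ((2, 0), (2, 5)),
    "SIMATIC S7-1500 Software Controller": ((2, 0), (2, 5)),
    "SIMATIC ET 200SP Open Controller": ((2, 0), (2, 1, 6)),
}

def parse_version(text):
    """Turn 'V2.1.6', 'v2.5' or '2.0.1' into a tuple of ints; raise otherwise."""
    m = re.fullmatch(r"\s*[Vv]?(\d+(?:\.\d+)*)\s*", text)
    if not m:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))

def _pad(v, n):
    # Pad with zeros so 'V2.5' and 'V2.5.0' compare as equal.
    return v + (0,) * (n - len(v))

def status(product, firmware):
    """Return 'affected', 'fixed', 'below-range' or 'unknown-product'."""
    if product not in AFFECTED:
        return "unknown-product"
    low, fixed = AFFECTED[product]
    v = parse_version(firmware)
    n = max(len(v), len(low), len(fixed))
    v, low, fixed = _pad(v, n), _pad(low, n), _pad(fixed, n)
    if v < low:
        return "below-range"  # older than V2.0: not listed as affected
    return "affected" if v < fixed else "fixed"

def triage(inventory):
    """Annotate (asset, product, firmware) rows with their advisory status."""
    return [(a, p, fw, status(p, fw)) for a, p, fw in inventory]

# Constructed sample inventory (hypothetical asset names).
SAMPLE = [
    ("plc-01", "SIMATIC S7-1500 CPU family", "V2.1.0"),
    ("plc-02", "SIMATIC S7-1500 CPU family", "V2.5"),
    ("oc-01", "SIMATIC ET 200SP Open Controller", "V2.1.5"),
    ("sw-01", "SIMATIC S7-1500 Software Controller", "V1.8.5"),
]

if __name__ == "__main__":
    for asset, product, fw, result in triage(SAMPLE):
        print(f"{asset:8} {fw:8} {result:12} {product}")
```

Rows reported as `affected` are the ones to place behind the network restrictions listed under "Do now" until the update can be scheduled.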
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to affected controllers using firewall rules and network segmentation
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update SIMATIC S7-1500 CPU family to version 2.5 or newer
HOTFIX: Update SIMATIC S7-1500 Software Controller to version 2.5 or newer
HOTFIX: Update SIMATIC ET 200SP Open Controller to version 2.1.6 or newer
Long-term hardening
HARDENING: Apply cell-protection concept to isolate critical control devices from general network access
HARDENING: Implement defense-in-depth security architecture to add multiple layers of protection around control system networks