OTPulse

Siemens SIMATIC S7-300 CPU

Status: Monitor · CVSS: 7.5 · Source: ICS-CERT ICSA-19-043-04 · Published: Jan 8, 2019
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Siemens SIMATIC S7-300 CPU family (including ET200 and SIPLUS variants) versions before V3.X.16 contain an input validation flaw (CWE-20) that allows unauthenticated, remotely exploitable denial of service. An attacker sending crafted packets to the CPU can cause the device to become unresponsive, disrupting normal operations.

What this means
What could happen
An attacker with network access to the PLC can send malicious packets that crash the CPU, causing it to stop responding and halting all controlled processes until the device is manually restarted.
Who's at risk
Water utilities, municipal electric providers, and industrial facilities operating Siemens S7-300 CPUs for process automation, pump control, valve operation, and critical process logic should treat this as high priority. Any facility relying on these PLCs for essential service delivery is at risk of operational disruption.
How it could be exploited
An attacker sends specially crafted packets to the CPU, either over Ethernet to TCP port 102 (the ISO-on-TCP port used for S7 communication) or over the PROFIBUS interface. The device fails to properly validate the packet structure, triggering a crash or hang. The CPU becomes unresponsive, and supervised processes cease until manual restart.
Prerequisites
  • Reachability to the CPU: IP connectivity to its Ethernet interface on TCP port 102, or access to the PROFIBUS segment it is attached to (PROFIBUS is a fieldbus, not IP-routable, so that path needs physical or fieldbus access)
  • No credentials or authentication required
Tags: remotely exploitable · no authentication required · low complexity · affects availability of critical control devices · causes operational downtime if exploited
Exploitability
Low exploit probability (EPSS 0.4%). EPSS estimates the likelihood of exploitation in the wild over the next 30 days and says nothing about impact; an unauthenticated DoS against a process-critical PLC should be prioritised by consequence, not by this score alone.
Affected products (1)
Product: SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants)
Affected versions: All < V3.X.16
Fix status: Fixed in V3.X.16 (see Remediation & Mitigation below)
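Added example (not part of the OTPulse advisory or of any Siemens tooling): a small Python triage script that applies the "All < V3.X.16" rule to a firmware inventory. Siemens writes the fixed release as V3.X.16 because the minor version differs per CPU model while the maintenance level is what matters, so the check treats any 3.x firmware below maintenance level 16, and any older major version, as affected. Strings that do not parse are reported for manual review rather than silently treated as patched. The inventory, device names and firmware strings are constructed for illustration; the reading of "X" as the model-specific minor version is an assumption drawn from the advisory's own notation.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# The fixed release is written "V3.X.16": maintenance level 16 of whatever
# 3.x line a given CPU model runs. Anything below that, and any older major
# version, falls under "All < V3.X.16" in the advisory table.
FIXED_MAJOR = 3
FIXED_PATCH = 16

# Accepts "V3.2.14", "3.3.12", "v 2.6.9"; rejects anything else.
_VERSION_RE = re.compile(r"^\s*V?\s*(\d+)\.(\d+)\.(\d+)\s*$", re.IGNORECASE)


def parse_firmware(version: str) -> Optional[Tuple[int, int, int]]:
    """Return (major, minor, patch) or None when the string is not a version."""
    m = _VERSION_RE.match(version or "")
    if not m:
        return None
    return tuple(int(x) for x in m.groups())


def is_affected(version: str) -> Optional[bool]:
    """True if affected, False if at or above V3.X.16, None if unparseable."""
    parsed = parse_firmware(version)
    if parsed is None:
        return None
    major, _minor, patch = parsed
    if major < FIXED_MAJOR:
        return True
    if major == FIXED_MAJOR:
        return patch < FIXED_PATCH
    return False


@dataclass(frozen=True)
class Plc:
    name: str
    product: str
    firmware: str


# Constructed sample inventory; these are not real devices.
INVENTORY = [
    Plc("pump-station-1", "CPU 315-2 PN/DP", "V3.2.14"),
    Plc("pump-station-2", "CPU 317-2 PN/DP", "V3.2.16"),
    Plc("chlorination", "CPU 319-3 PN/DP", "V3.2.17"),
    Plc("legacy-valve-ctl", "CPU 315-2 DP", "V2.6.9"),
    Plc("siplus-skid", "SIPLUS CPU 315-2 PN/DP", "3.3.12"),
    Plc("et200-rack", "ET 200S IM151-8 PN/DP CPU", "n/a"),
]


def triage(inventory: List[Plc]) -> Tuple[List[str], List[str], List[str]]:
    """Split an inventory into (affected, fixed, unknown) device-name lists."""
    affected, fixed, unknown = [], [], []
    for plc in inventory:
        verdict = is_affected(plc.firmware)
        if verdict is None:
            unknown.append(plc.name)   # surface for a manual firmware read-out
        elif verdict:
            affected.append(plc.name)
        else:
            fixed.append(plc.name)
    return affected, fixed, unknown


if __name__ == "__main__":
    a, f, u = triage(INVENTORY)
    print("AFFECTED (< V3.X.16):", a)
    print("FIXED:", f)
    print("UNKNOWN, verify manually:", u)
```

Read the firmware version from the CPU's module information in STEP 7 or from the device's web/diagnostic page rather than from a spreadsheet, and treat every entry that lands in the unknown list as affected until proven otherwise.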
Remediation & Mitigation
Do now
Workaround: Restrict network access to the S7-300 CPU with firewall rules. Permit TCP port 102 only from the engineering workstations and HMI/SCADA hosts that need it and block it from every other segment. PROFIBUS interfaces are not IP-reachable, so protect them by confining physical and fieldbus access to the control zone rather than with IP firewall rules.
Schedule (requires maintenance window)

Patching requires a firmware update and a CPU restart; plan for process interruption.

Hotfix: Update SIMATIC S7-300 CPU firmware to V3.X.16 or later from the Siemens support portal. The X stands for the model-specific minor version; the maintenance level must be 16 or higher.
Long-term hardening
Hardening: Operate the S7-300 CPU only within trusted, isolated industrial network segments; segregate the control system network from the corporate IT network using an air gap or firewall.
Hardening: Implement defense-in-depth controls: place the control system network behind firewalls, disable unnecessary network services, and ensure no direct internet connectivity.
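Added example (not from the advisory) of the monitoring side of the access restriction above: a Python check over constructed, Zeek-conn-style connection records that flags S7 (TCP/102) sessions into the PLC subnet from hosts outside an assumed engineering/HMI allowlist, and flags any source that opens an unusual burst of TCP/102 connections, which is how a scan or repeated crafted-packet attempts against the CPU would appear at the network layer. The addresses, allowlist, thresholds, record format and log lines are all assumptions; PROFIBUS traffic never shows up in IP logs and needs physical controls instead.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List

S7_PORT = 102  # ISO-on-TCP (RFC 1006), the port the S7-300 CPU listens on for S7 communication

# Assumed control-zone layout: only the engineering workstation and the
# HMI/SCADA server may open S7 connections to the PLC subnet.
ALLOWED_S7_CLIENTS = [ip_network("10.20.1.10/32"), ip_network("10.20.1.20/32")]
PLC_ZONE = ip_network("10.20.5.0/24")

# Assumed thresholds: this many TCP/102 connection attempts from one source
# inside the window is treated as a scan or a repeated DoS attempt.
BURST_THRESHOLD = 20
BURST_WINDOW_S = 10.0


@dataclass(frozen=True)
class Conn:
    ts: float
    src: str
    dst: str
    dport: int
    proto: str


def parse_conn_line(line: str) -> Conn:
    """Parse one constructed, Zeek-conn-like record:
    ts <TAB> src <TAB> sport <TAB> dst <TAB> dport <TAB> proto"""
    ts, src, _sport, dst, dport, proto = line.rstrip("\n").split("\t")
    return Conn(float(ts), src, dst, int(dport), proto)


def detect(lines: List[str]) -> Dict[str, dict]:
    """Return unauthorized (src, dst) pairs with hit counts, and sources whose
    peak number of TCP/102 connections inside BURST_WINDOW_S reached the threshold."""
    unauthorized: Counter = Counter()
    per_src: Dict[str, List[float]] = defaultdict(list)
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue
        c = parse_conn_line(line)
        if c.proto != "tcp" or c.dport != S7_PORT or ip_address(c.dst) not in PLC_ZONE:
            continue  # only S7 traffic into the PLC zone is in scope
        if not any(ip_address(c.src) in net for net in ALLOWED_S7_CLIENTS):
            unauthorized[(c.src, c.dst)] += 1
        per_src[c.src].append(c.ts)

    bursts: Dict[str, int] = {}
    for src, times in per_src.items():
        times.sort()
        start, peak = 0, 0
        for end in range(len(times)):        # sliding window over timestamps
            while times[end] - times[start] > BURST_WINDOW_S:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= BURST_THRESHOLD:
            bursts[src] = peak
    return {"unauthorized": dict(unauthorized), "bursts": bursts}


# Constructed sample: normal HMI and engineering polling, one corporate host
# reaching a PLC, an SNMP packet (out of scope), and a 25-connection burst
# from a second corporate host.
SAMPLE_LOG = [
    "1546948800.000\t10.20.1.20\t50001\t10.20.5.11\t102\ttcp",
    "1546948801.000\t10.20.1.10\t50002\t10.20.5.11\t102\ttcp",
    "1546948802.000\t10.30.0.55\t41000\t10.20.5.12\t102\ttcp",
    "1546948803.000\t10.20.1.20\t50003\t10.20.5.11\t161\tudp",
] + [
    f"{1546948810 + i * 0.2:.3f}\t10.30.0.77\t{42000 + i}\t10.20.5.11\t102\ttcp"
    for i in range(25)
]

if __name__ == "__main__":
    for kind, hits in detect(SAMPLE_LOG).items():
        for key, count in hits.items():
            print(f"{kind}: {key} ({count})")
```

Any hit in the unauthorized list is a firewall-policy failure worth investigating on its own, regardless of volume; the burst rule catches the case where an allowed host has been compromised and is hammering the CPU, which the allowlist alone would not flag.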