Siemens SIMOCODE pro V EIP

Plan PatchCVSS 7.5ICS-CERT ICSA-19-099-01Apr 9, 2019

Siemens

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

SIMOCODE pro V EIP is an intelligent motor controller/starter used for industrial motor control. The device is vulnerable to a denial of service attack via malformed SNMP (Simple Network Management Protocol) requests on port 161/UDP. A successful attack causes the device to become unresponsive, stopping motor control functions. The vulnerability affects all versions before 1.0.2. Siemens has released a firmware patch (version 1.0.2) that resolves the issue. Users who cannot upgrade due to hardware constraints should apply firewall rules to block SNMP traffic and implement network segmentation to isolate motor control devices.

What this means

What could happen

An attacker with network access to the SNMP port (161/UDP) can crash the SIMOCODE pro V EIP device, causing loss of motor control and stopping industrial processes. This could result in unplanned downtime of critical equipment.

Who's at risk

Water utilities and municipal electric utilities that use SIEMENS SIMOCODE pro V EIP motor controllers for pump, fan, or motor-driven equipment should apply controls. This affects any facility using these intelligent motor starters for process automation.

How it could be exploited

An attacker sends a specially crafted SNMP request to port 161/UDP on the device. The malformed packet causes a denial of service condition, making the device unresponsive and stopping motor control functions. No credentials are required.

Prerequisites

Network access to SNMP port 161/UDP on the SIMOCODE pro V EIP device

remotely exploitableno authentication requiredlow complexityaffects motor control systemsdenial of service impact on operations

Exploitability

Some exploitation risk — EPSS score 5.3%

Affected products (1)

ProductAffected VersionsFix Status

SIMOCODE pro V EIP (incl. SIPLUS variants): All<V1.0.21.0.2

Remediation & Mitigation

0/5

Do now

0/1

WORKAROUNDBlock network access to port 161/UDP (SNMP) at the firewall or network switch to prevent unauthorized SNMP queries

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpgrade SIMOCODE pro V EIP to firmware version 1.0.2 or later

Long-term hardening

0/3

HARDENINGImplement cell protection concept with dedicated network segments for motor control devices, separating them from general plant networks

HARDENINGUse VPN for any required communication between network cells or remote management access

HARDENINGIsolate control system networks from the business network with firewalls and restrict internet accessibility

CVEs (1)

CVE-2017-12741

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/8801b8c3-c84c-43c8-8f53-a37dadf03ccf

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.