OTPulse

Siemens SIMOCODE pro V EIP

Plan Patch · 7.5 · ICS-CERT ICSA-19-099-01 · Apr 9, 2019
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

SIMOCODE pro V EIP is an intelligent motor controller/starter used for industrial motor control. The device is vulnerable to a denial of service attack via malformed SNMP (Simple Network Management Protocol) requests on port 161/UDP. A successful attack causes the device to become unresponsive, stopping motor control functions. The vulnerability affects all versions before 1.0.2. Siemens has released a firmware patch (version 1.0.2) that resolves the issue. Users who cannot upgrade due to hardware constraints should apply firewall rules to block SNMP traffic and implement network segmentation to isolate motor control devices.

What this means
What could happen
An attacker with network access to the SNMP port (161/UDP) can crash the SIMOCODE pro V EIP device, causing loss of motor control and stopping industrial processes. This could result in unplanned downtime of critical equipment.
Who's at risk
Water utilities and municipal electric utilities that use Siemens SIMOCODE pro V EIP motor controllers for pump, fan, or motor-driven equipment should apply controls. This affects any facility using these intelligent motor starters for process automation.
How it could be exploited
An attacker sends a specially crafted SNMP request to port 161/UDP on the device. The malformed packet causes a denial of service condition, making the device unresponsive and stopping motor control functions. No credentials are required.
Prerequisites
  • Network access to SNMP port 161/UDP on the SIMOCODE pro V EIP device
remotely exploitable · no authentication required · low complexity · affects motor control systems · denial of service impact on operations
Exploitability
Moderate exploit probability (EPSS 5.3%)
Affected products (1)
Product: SIMOCODE pro V EIP (incl. SIPLUS variants): All
Affected Versions: <V1.0.2
Fix Status: 1.0.2
Remediation & Mitigation
Do now
WORKAROUND: Block network access to port 161/UDP (SNMP) at the firewall or network switch to prevent unauthorized SNMP queries
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Upgrade SIMOCODE pro V EIP to firmware version 1.0.2 or later
Long-term hardening
HARDENING: Implement cell protection concept with dedicated network segments for motor control devices, separating them from general plant networks
HARDENING: Use VPN for any required communication between network cells or remote management access
HARDENING: Isolate control system networks from the business network with firewalls and restrict internet accessibility
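
Added example (not part of the advisory or of any Siemens tooling): a small triage script that applies the remediation steps above to an asset inventory, flagging SIMOCODE pro V EIP units below firmware 1.0.2 and whether the 161/UDP workaround is needed first. The inventory rows, field names and zone names are constructed assumptions.

```python
import re

FIXED = (1, 0, 2)  # first fixed firmware version named in the advisory

def parse_version(text):
    """Turn 'V1.0.1', '1.0' or ' v1.0.2 ' into a 3-tuple; None if unparseable."""
    m = re.fullmatch(r"\s*[Vv]?(\d+(?:\.\d+){0,2})\s*", text or "")
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def triage(device):
    """Return the advisory actions that apply to one inventory row."""
    # Substring match also catches SIPLUS variants; unrelated models are skipped.
    if "simocode pro v eip" not in device["model"].lower():
        return []
    version = parse_version(device.get("firmware"))
    if version is not None and version >= FIXED:
        return []
    actions = []
    if version is None:
        actions.append("confirm firmware version")  # unknown is treated as affected
    if device.get("snmp_reachable_from"):
        actions.append("block 161/UDP")             # the "Do now" workaround
    actions.append("schedule upgrade to 1.0.2")     # needs a maintenance window
    return actions

# Constructed sample inventory (hypothetical device names and network zones).
INVENTORY = [
    {"name": "pump-07", "model": "SIMOCODE pro V EIP", "firmware": "V1.0.1",
     "snmp_reachable_from": ["plant-lan"]},
    {"name": "fan-02", "model": "SIPLUS SIMOCODE pro V EIP", "firmware": "1.0",
     "snmp_reachable_from": []},
    {"name": "pump-09", "model": "SIMOCODE pro V EIP", "firmware": "V1.0.2",
     "snmp_reachable_from": ["plant-lan"]},
    {"name": "mix-01", "model": "SIMOCODE pro V EIP", "firmware": "",
     "snmp_reachable_from": ["plant-lan"]},
    {"name": "conv-03", "model": "Generic motor starter X", "firmware": "V1.0.0",
     "snmp_reachable_from": ["plant-lan"]},
]

def report(inventory):
    """Map device name -> actions, omitting devices that need nothing."""
    return {d["name"]: a for d in inventory if (a := triage(d))}

if __name__ == "__main__":
    for name, actions in report(INVENTORY).items():
        print(f"{name}: {', '.join(actions)}")
```

A device with a missing or unreadable firmware string is treated as affected until its version is confirmed.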