PLC Cycle Time Influences (Update A)
Monitor | 7.5 | ICS-CERT ICSA-19-106-03 | Apr 16, 2019
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
High network load can consume CPU resources in PLC devices, which can cause the actual cycle time to deviate from the configured cycle time. This affects the timing reliability of safety-critical and process control tasks running on the controller.
What this means
What could happen
A sustained network flood could delay or disrupt the normal cycle execution of your PLC, causing process control tasks to miss their timing deadlines and potentially affecting safety interlocks or process logic execution.
Who's at risk
Water utilities and electric utilities that operate Siemens (S7-1211, S7-314, Logo! 8), WAGO (750-889, 750-8100, 750-880, 750-831), Phoenix Contact (ILC 191 ETH 2TX, ILC 151 ETH), ABB (PM554-TP-ETH), or Schneider Electric (Modicon M221) programmable logic controllers should assess this issue. These controllers are commonly used in pump stations, treatment plants, distribution systems, and electrical substation automation where reliable cycle timing is essential for process control and safety.
How it could be exploited
An attacker with network access to the PLC could send continuous high-volume traffic to the Ethernet port, saturating CPU resources and preventing the controller from executing its programmed cycle on schedule. This is a Denial of Service (DoS) attack that does not require authentication.
Prerequisites
- Network access to the Ethernet port of the affected PLC
- No authentication required
- Ability to send sustained high-volume traffic to the target device
- Remotely exploitable over Ethernet
- No authentication required
- Low attack complexity (network flood is trivial to execute)
- No patch available for most affected products
- Affects safety-related cycle timing
Exploitability
Low exploit probability (EPSS 0.4%)
Affected products (11)
7 pending, 4 EOL
| Product | Affected Versions | Fix Status |
|---|---|---|
| WAGO 750-8100 Controller: PFC100 | ≤ 02.05.23(08) | No fix (EOL) |
| Phoenix Contact: ILC 191 ETH 2TX | All versions | No fix yet |
| Siemens: 6ES7211-1AE40-0XB0 Simatic S7-1211 | S7-1211 | No fix yet |
| Siemens: 6ES7314-6EH04-0AB0 Simatic S7-314 | S7-314 | No fix yet |
| Siemens: 6ED1052-1CC01-0BA8 Logo! 8 | 8 | No fix yet |
| ABB: 1SAP120600R0071 PM554-TP-ETH | PM554-TP-ETH | No fix yet |
| Phoenix Contact: 2700974 ILC 151 ETH | All versions | No fix yet |
| Schneider: Modicon M221 | M221 | No fix yet |
Remediation & Mitigation
Do now
- WORKAROUND: Implement network segmentation and firewall rules to restrict unexpected traffic to the PLC Ethernet ports, limiting exposure to DoS attacks
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HARDENING: For WAGO 750-889 KNX IP controllers: configure task priority, cycle time, and watchdog settings according to your process requirements to prevent CPU starvation during network load events
- HARDENING: For Siemens Simatic S7-1211, S7-314, and Logo! 8: review and optimize task scheduling and watchdog configuration to ensure critical cycles are not starved by network traffic
- HARDENING: For ABB PM554-TP-ETH: configure watchdog, task priority, and cycle time settings as documented in the Onboard Ethernet Handling in CPU Firmware chapter to prevent CPU overload from affecting process timing
- HARDENING: For WAGO 750-8100 PFC100 and 750-880 ETH controllers: tune task cycle times and priorities to be resilient to network load variations
- HOTFIX: For Schneider Modicon M221: upgrade to firmware v1.10.0.0 or later, which includes fixes for cycle time stability under network load
Mitigations - no patch available
The following products have reached End of Life with no planned fix: WAGO 750-8100 Controller: PFC100, WAGO 750-889 Controller: KNX IP, WAGO 750-880 Controller: ETH, WAGO 750-831 Controller: BACnet/IP. Apply the following compensating controls:
- HARDENING: For Phoenix Contact ILC 191 ETH 2TX and ILC 151 ETH: refer to Application Note 107913_en_01 for mitigation guidance; consider upgrading to current product models that include countermeasures
- HARDENING: Monitor PLC cycle time performance and CPU load under normal network conditions; establish baselines to detect anomalous network traffic early
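One way to implement the baseline monitoring in the last mitigation above, as an added example that is not part of the advisory or any vendor tooling. It assumes cycle times in milliseconds are already being collected from the controller's diagnostics; the function names, thresholds and sample values are constructed for illustration.

```python
"""Baseline PLC cycle times and flag sustained deviations (added example)."""
from statistics import median

def build_baseline(samples_ms):
    """Return (median, MAD) of cycle times logged under normal network load."""
    samples = list(samples_ms)
    med = median(samples)
    mad = median(abs(s - med) for s in samples)
    return med, mad

def find_anomalies(samples_ms, baseline, configured_cycle_ms, k=6.0, min_run=3):
    """Return (start, end, peak_ms, overrun) for each run of at least min_run
    consecutive scans above the baseline threshold. overrun is True when the
    peak also exceeds the configured cycle time (a missed deadline)."""
    samples = list(samples_ms)
    med, mad = baseline
    # 1.4826 * MAD approximates one standard deviation for normal data;
    # the 5% floor keeps the threshold usable when the baseline has no jitter.
    threshold = med + k * max(1.4826 * mad, 0.05 * med)
    runs, start = [], None
    # The trailing sentinel closes a run that lasts until the final sample.
    for i, s in enumerate(samples + [float("-inf")]):
        if s > threshold:
            if start is None:
                start = i
        elif start is not None:
            if i - start >= min_run:
                peak = max(samples[start:i])
                runs.append((start, i - 1, peak, peak > configured_cycle_ms))
            start = None
    return runs

# Constructed sample data: cycle times in ms for a task configured for 20 ms.
NORMAL = [9.8, 10.1, 10.0, 9.9, 10.2, 10.0, 9.7, 10.3, 10.1, 9.9]
OBSERVED = [10.0, 10.2, 14.9, 10.1, 15.5, 18.2, 23.4, 21.0, 10.3, 9.9]

if __name__ == "__main__":
    base = build_baseline(NORMAL)
    for start, end, peak, overrun in find_anomalies(OBSERVED, base, 20.0):
        note = "exceeds configured cycle time" if overrun else "above baseline"
        print(f"scans {start}-{end}: peak {peak} ms ({note})")
```

Requiring several consecutive scans above the threshold suppresses single-scan jitter, so alerts correspond to sustained load rather than an isolated slow cycle.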
CVEs (1)