Siemens SIMATIC Ident MV440 Family (Update A)

Plan Patch7.1ICS-CERT ICSA-19-162-02Jun 11, 2019

Attack VectorNetwork

Auth RequiredLow

ComplexityLow

User InteractionNone needed

Summary

Siemens SIMATIC MV400 family devices are vulnerable to unauthorized modification of projects by logged-in users due to improper access controls (CWE-284) and insecure transmission of credentials (CWE-319). The vulnerability affects all versions prior to v7.0.6 and has a CVSS score of 7.1.

What this means

What could happen

An attacker with valid login credentials could modify automation projects on the SIMATIC MV400, potentially altering control logic, process setpoints, or alarms without proper authorization. This could cause unintended process behavior or production disruptions.

Who's at risk

Water utilities, municipal electric systems, and any automation operations using Siemens SIMATIC MV400 identification readers for product marking, tracking, or material handling systems should assess whether these devices are deployed in their critical processes.

How it could be exploited

An attacker with network access to the device and valid engineering credentials could log in and modify automation projects. The insecure credential transmission (CWE-319) may also allow credential capture if traffic is not encrypted, lowering the barrier to obtaining valid accounts.

Prerequisites

Network access to the SIMATIC MV400 device
Valid engineering workstation login credentials

requires authenticationlow complexityremotely exploitableaffects control logic modification

Exploitability

Low exploit probability (EPSS 0.9%)

Affected products (1)

ProductAffected VersionsFix Status

SIMATIC MV400 family: All<V7.0.6v7.0.6

Remediation & Mitigation

0/4

Do now

0/2

WORKAROUNDEnable the DISA bit to prevent project modifications by logged-in users

HARDENINGRestrict network access to SIMATIC MV400 devices; do not expose to the Internet

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate SIMATIC MV400 family devices to firmware version 7.0.6 or later

Long-term hardening

0/1

HARDENINGIsolate control system networks and remote devices behind firewalls, separate from business network

CVEs (2)

CVE-2019-10925 CVE-2019-10926

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/9eddab27-e61a-4323-b288-42666f3e0902