OTPulse

ICSA-19-192-04 Siemens SIMATIC RF6XXR

Monitor | CVSS 5.9 | ICS-CERT ICSA-19-192-04 | Jul 9, 2019
Attack Vector: Network
Auth Required: None
Complexity: High
User Interaction: None needed
Summary

Siemens SIMATIC RF615R and RF68XR wireless industrial devices contain cryptographic and input validation vulnerabilities (CWE-20, CWE-327, CWE-331) that allow an attacker to gain unauthorized access to sensitive device information. The vulnerabilities involve weak encryption and insufficient input validation in the device firmware. Affected versions are below V3.2.1.

What this means
What could happen
An attacker with network access could intercept and decrypt wireless communications with the SIMATIC RF6XXR device, potentially reading sensitive configuration and operational data. This could lead to unauthorized monitoring or control of connected industrial processes.
Who's at risk
Organizations operating Siemens SIMATIC RF615R or RF68XR wireless I/O devices in manufacturing, process control, or material handling applications should review this advisory. These devices are commonly used in production lines and process automation where they interface with PLCs or gateways over wireless networks.
How it could be exploited
An attacker positioned on the network segment containing the SIMATIC RF6XXR device exploits the weak cryptographic implementation (CWE-327) to intercept and decrypt wireless communications. The attack requires network access but no authentication credentials, allowing the attacker to passively capture and read sensitive data transmitted by the device.
Prerequisites
  • Network access to the SIMATIC RF6XXR device on the same wireless network or Ethernet segment
  • Device running firmware version earlier than V3.2.1
  • No authentication credentials required for initial exploitation
Remotely exploitable · No authentication required · Weak cryptographic implementation · Low to medium exploitation complexity · No patch available for affected versions
Exploitability
Moderate exploit probability (EPSS 5.5%)
Affected products (2)
2 with fix
Product | Affected Versions | Fix Status
SIMATIC RF615R | <V3.2.1 | 3.2.1
SIMATIC RF68XR | <V3.2.1 | 3.2.1
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to SIMATIC RF6XXR devices using firewall rules; allow only authorized engineering workstations and gateways to communicate with these devices
HARDENING: Do not expose SIMATIC RF6XXR devices directly to the Internet; ensure all wireless access points are secured and not accessible from outside the facility
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

SIMATIC RF615R
HOTFIX: Upgrade SIMATIC RF615R and RF68XR firmware to Version 3.2.1 or newer
Long-term hardening
HARDENING: Isolate the wireless network segment containing SIMATIC RF6XXR devices from the business network using a firewall boundary