ICSA-19-253-02 Siemens SINETPLAN

Plan PatchCVSS 8ICS-CERT ICSA-19-253-02Sep 10, 2019

Siemens

Attack path

Attack VectorLocal

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

Siemens SINETPLAN V2.0 contains a vulnerability that allows local or network-based attackers to execute arbitrary code without authentication. The vulnerability is associated with insufficient access controls on port 8888/TCP. The weakness allows attackers to bypass authentication mechanisms and execute commands with elevated privileges on the engineering workstation. This affects the TIA portal administration component used to configure and deploy industrial automation projects. The vulnerability is not remotely exploitable from the Internet but can be exploited by attackers with local access or network access to the affected port.

What this means

What could happen

An attacker with local access to the SINETPLAN workstation could execute arbitrary code with high privileges, potentially modifying project configurations, stealing credentials, or disrupting access to TIA portal engineering tools used to manage industrial automation systems.

Who's at risk

This vulnerability affects organizations using Siemens SINETPLAN engineering workstations to design and manage industrial automation systems. It is most critical for utilities, manufacturers, and water/wastewater treatment plants that rely on TIA portal-based automation engineering. Anyone with administrative responsibility for automation engineering workstations should prioritize this update.

How it could be exploited

An attacker must have local access to the SINETPLAN workstation or network access to port 8888/TCP. The vulnerability allows privilege escalation or unauthorized code execution without authentication. Once exploited, the attacker gains elevated privileges on the engineering workstation, which could be used to tamper with project files or steal credentials used to access PLCs and other control system devices.

Prerequisites

Local access to SINETPLAN workstation OR network access to port 8888/TCP
No authentication required

Low complexity exploitationNo authentication requiredHigh impact (code execution with elevated privileges)Affects engineering workstations that manage critical control systems

Exploitability

Some exploitation risk — EPSS score 5.8%

Public Proof-of-Concept (PoC) on GitHub (1 repository)

Affected products (1)

ProductAffected VersionsFix Status

SINETPLANV2.0No fix yet

Remediation & Mitigation

0/4

Do now

0/1

WORKAROUNDRestrict access to port 8888/TCP to localhost only

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate TIA Administrator to Version 1.0 SP1 Upd1

Long-term hardening

0/2

HARDENINGImplement network segmentation to isolate engineering workstations from untrusted networks

HARDENINGPlace control system networks behind firewalls and separate them from business networks

CVEs (1)

CVE-2019-10915

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/f1396492-a185-4c3f-a352-4dac4db6d928

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.