ICSA-19-253-03_Siemens Industrial Products (Update P)
Act Now | 7.5 | ICS-CERT ICSA-19-253-03 | Sep 10, 2019
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
This vulnerability (CWE-400) affects a large range of Siemens industrial communication and control products. Successful exploitation can cause denial-of-service conditions on affected devices, potentially disrupting manufacturing processes or utility operations. The vulnerability is exploitable remotely via network access with no authentication required. The flaw impacts SIMATIC ITC series controllers, SCALANCE network infrastructure (switches, routers, wireless access points), SIMATIC communication processor modules, SINUMERIK machine tool controllers, RUGGEDCOM industrial network devices, and SIMATIC RFID readers.
What this means
What could happen
Successful exploitation could cause denial-of-service on affected Siemens industrial devices, potentially interrupting manufacturing or utility operations that depend on these network communication modules or controllers.
Who's at risk
This advisory affects manufacturing and transportation facilities using Siemens industrial communication and control devices. Specifically, IT managers at plants and utilities should inventory: SIMATIC ITC series (ITC1500, ITC1900, ITC2200 models), SCALANCE network switches and routers (M-series, S-series, W-series, SC-series), SIMATIC communication processors (CP 442/443/1242/1243/1542/1543/1623/1628), SINUMERIK machine controllers, RUGGEDCOM industrial network devices, and SIMATIC RFID readers. The ITC2200 PRO product line has no patch available.
How it could be exploited
An attacker on the network can send specially crafted network traffic to affected devices without authentication, causing them to consume excessive resources or crash. The attack vector is network-based with no user interaction required, making it exploitable from any connected network segment.
Prerequisites
- Network access to the affected device (IP reachability)
- Device must be connected to a network and accessible from the attacker's network segment
- No credentials or special configuration required
- Remotely exploitable over network
- No authentication required
- Low attack complexity
- High EPSS score (74.6%)
- No vendor fix for SIMATIC ITC2200 PRO
- Affects industrial control and communication infrastructure
Exploitability
High exploit probability (EPSS 74.6%)
Affected products (1)
Product | Affected Versions | Fix Status
SIMATIC ITC2200 PRO: All | < 3.1.1.0 | No fix yet
Remediation & Mitigation
Do now
- WORKAROUND: For SIMATIC ITC2200 PRO: no vendor fix is available; implement network access restrictions and defense-in-depth controls
- HARDENING: Restrict network access to all affected devices; limit which network segments and hosts can reach these devices
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HOTFIX: Update SIMATIC ITC1500, ITC1500 PRO, ITC1900, ITC1900 PRO, ITC2200, and ITC2200 PRO to v3.1.1.0 or later
- HOTFIX: Update all SCALANCE M-series and S-series network devices to versions specified in advisory (v6.2, v4.1, v2.0.1, etc.)
- HOTFIX: Update all SIMATIC CP communication processors (CP 442-1 RNA, CP 443-1 RNA, CP 1242-7C, CP 1243 series, CP 1542SP series, CP 1543 series, CP 1623, CP 1628) to versions specified in advisory
- HOTFIX: Update SIMATIC MV540/550/560 series to v2.1 or later
- HOTFIX: Update SIMATIC Reader RF610R/615R/650R/680R/685R series to v4.0 or later
- HOTFIX: Update SINUMERIK 808D to v4.92 and SINUMERIK 828D/840D sl to v4.8 SP5
- HOTFIX: Update SINEMA Remote Connect Server to v2.1
- HOTFIX: Apply latest available Debian patches to RUGGEDCOM APE 1404 Linux and RUGGEDCOM RX1400 VPE Debian Linux devices
- HOTFIX: Migrate SIMATIC Teleservice Adapters (IE Basic, IE Advanced) to SCALANCE M-800 family successor products
Long-term hardening
- HARDENING: Apply defense-in-depth security controls such as network segmentation, firewalls, and monitoring