OTPulse

ICSA-19-281-04 Siemens SIMATIC IT UADM

Monitor | 6.8 | ICS-CERT ICSA-19-281-04 | Oct 8, 2019
Attack Vector: Network
Auth Required: High
Complexity: Low
User Interaction: None needed
Summary

SIMATIC IT UADM versions prior to 1.3 contain a vulnerability in data protection that allows an attacker with high-level network access to port 1434/TCP to read sensitive configuration and credential data from the application. The vulnerability has a CVSS score of 6.8 (Medium) and affects confidentiality but not integrity or availability. No public exploits are currently known.

What this means
What could happen
An attacker with high-level credentials on your network could access sensitive configuration data on SIMATIC IT UADM, potentially revealing plant settings or authentication details that could be used in further attacks.
Who's at risk
Manufacturing and process control facilities that use Siemens SIMATIC IT UADM (Unified Archive Data Management) for IT/OT integration and data collection—particularly batch processing, pharmaceutical, chemical, and discrete manufacturing environments that rely on historical data and configuration management.
How it could be exploited
An attacker with high-privilege network access to port 1434/TCP on a machine running SIMATIC IT UADM could connect and extract sensitive data from the application. The attack requires direct network access to the affected machine and administrative-level credentials on your network.
Prerequisites
  • Network access to port 1434/TCP on the SIMATIC IT UADM machine
  • High-privilege network position (not a remote Internet attacker)
  • The machine must be running a SIMATIC IT UADM version earlier than 1.3
Key characteristics
  • Remotely exploitable over the network
  • Requires high-privilege network access (not unauthenticated)
  • Data confidentiality impact (configuration and authentication information disclosure)
  • Low complexity attack
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (1)
Product | Affected Versions | Fix Status
SIMATIC IT UADM | <V1.3 | Version 1.3
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to port 1434/TCP on machines running SIMATIC IT UADM using firewall rules; allow only authorized engineering workstations
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update SIMATIC IT UADM to Version 1.3 or later, available from your Siemens account manager
Long-term hardening
HARDENING: Implement network segmentation to isolate SIMATIC IT UADM systems from the business network and untrusted zones
HARDENING: Apply cell protection concept and defense-in-depth strategies per Siemens operational guidelines
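
One way to check the port 1434/TCP workaround against a firewall rule export, as an added example that is not part of the advisory or Siemens guidance. The rule format, rule names and workstation addresses are constructed assumptions; only the port number comes from the advisory.

```python
import ipaddress

UADM_PORT = 1434  # TCP port named in the advisory

# Constructed sample data: hypothetical rule export and workstation allowlist.
ENGINEERING_WORKSTATIONS = ["10.20.30.11/32", "10.20.30.12/32"]
SAMPLE_RULES = [
    {"name": "eng-ws-uadm", "action": "allow", "proto": "tcp", "src": "10.20.30.11/32", "ports": "1434"},
    {"name": "legacy-any", "action": "allow", "proto": "tcp", "src": "any", "ports": "1024-2000"},
    {"name": "office-lan", "action": "allow", "proto": "tcp", "src": "10.20.0.0/16", "ports": "1433,1434"},
    {"name": "sql-browser", "action": "allow", "proto": "udp", "src": "any", "ports": "1434"},
    {"name": "deny-rest", "action": "deny", "proto": "tcp", "src": "any", "ports": "1434"},
]


def covers_port(spec, port):
    """True if a port spec such as 'any', '1434' or '1433,1024-2000' includes port."""
    if spec.strip().lower() == "any":
        return True
    for part in spec.split(","):
        low, _, high = part.strip().partition("-")
        if int(low) <= port <= int(high or low):
            return True
    return False


def source_is_allowlisted(src, allowlist):
    """True only if every address in src falls inside one allowlisted network."""
    if src.strip().lower() == "any":
        return False
    net = ipaddress.ip_network(src, strict=False)
    nets = [ipaddress.ip_network(a, strict=False) for a in allowlist]
    return any(net.version == a.version and net.subnet_of(a) for a in nets)


def overexposed_rules(rules, allowlist, port=UADM_PORT):
    """Names of allow rules admitting TCP traffic to port from non-allowlisted sources.
    Rule order is ignored, so a hit may be shadowed by an earlier deny: review each one."""
    return [
        r["name"] for r in rules
        if r["action"] == "allow"
        and r["proto"] in ("tcp", "any")
        and covers_port(r["ports"], port)
        and not source_is_allowlisted(r["src"], allowlist)
    ]
```

On the constructed sample, the broad port-range rule and the office LAN rule are flagged, while the UDP 1434 rule and the workstation-scoped rule are not.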