Siemens SIMATIC CP 1543-1
Act Now | 9.8 | ICS-CERT ICSA-20-042-03 | Feb 11, 2020
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
The SIMATIC CP 1543-1 communication processor contains multiple vulnerabilities in its embedded ProFTPD FTP server. The server lacks proper access controls (CWE-284) and contains an infinite loop condition (CWE-835), allowing unauthenticated remote attackers to gain administrative access, execute arbitrary commands, and cause denial of service on the device. Affected firmware versions are 2.0 through 2.1. The vulnerabilities are fixed in firmware version 2.2.
What this means
What could happen
An attacker with network access to the FTP server could gain administrative control of the SIMATIC CP 1543-1 communication processor, potentially allowing them to disrupt industrial network communications or manipulate data flowing through connected systems.
Who's at risk
Water and electric utilities that use Siemens SIMATIC CP 1543-1 communication processors for network integration and data exchange in their supervisory or control networks. Any facility using CP 1543-1 modules (including SIPLUS NET variants) to connect PLCs, RTUs, or HMIs across distributed sites should prioritize assessment and remediation.
How it could be exploited
An attacker would send specially crafted FTP commands to port 21/TCP on the CP 1543-1. The embedded ProFTPD server lacks proper access controls (CWE-284), allowing the attacker to bypass authentication and execute commands with system privileges. No credentials are required.
Prerequisites
- Network access to port 21/TCP on the SIMATIC CP 1543-1
- FTP server enabled (disabled by default but may be enabled in some configurations)
- Device running firmware version 2.0 through 2.1 (not yet updated to 2.2)
- Remotely exploitable without authentication
- Low complexity attack
- High EPSS score (78.8%)
- No known patch available yet at advisory release
- Affects industrial network infrastructure
Exploitability
High exploit probability (EPSS 78.8%)
Affected products (1)
Product | Affected Versions | Fix Status
SIMATIC CP 1543-1 (incl. SIPLUS NET variants): All | ≥ V2.0 and < V2.2 | 2.2
Remediation & Mitigation
Do now
- WORKAROUND: Disable the embedded FTP server if not required for operations
- WORKAROUND: Restrict access to port 21/TCP to only trusted engineering workstations or systems using firewall rules
Schedule — requires maintenance window
Patching may require device reboot; plan for process interruption
- HOTFIX: Update SIMATIC CP 1543-1 to firmware version 2.2 or later
Long-term hardening
- HARDENING: Implement network segmentation to isolate the industrial network from the business network and Internet
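An added example, not part of the original advisory or any Siemens tooling: a Python script that sorts an asset inventory into the remediation tiers above, using the advisory's affected range (V2.0 up to, but not including, V2.2) and the FTP-enabled prerequisite. The inventory records, hostnames, field names and tier labels are assumptions constructed for illustration.

```python
import re

# Range from the advisory: affected >= V2.0 and < V2.2, fixed in 2.2.
AFFECTED_MIN = (2, 0)
FIXED_IN = (2, 2)

def parse_version(text):
    """Turn 'V2.1.3' or '2.0' into a tuple of ints; None if unparseable."""
    m = re.fullmatch(r"\s*[Vv]?(\d+(?:\.\d+)*)\s*", text or "")
    if not m:
        return None
    parts = tuple(int(p) for p in m.group(1).split("."))
    return parts + (0,) * (2 - len(parts))  # pad 'V2' to (2, 0)

def triage(record):
    """Map one inventory record to a remediation tier from the advisory."""
    version = parse_version(record.get("firmware"))
    if version is None:
        return "verify-manually"   # unknown firmware is never assumed safe
    if version >= FIXED_IN:
        return "fixed"
    if version < AFFECTED_MIN:
        return "not-listed"        # advisory lists only 2.0 through 2.1
    # Affected firmware: FTP state sets urgency; unknown counts as enabled.
    if record.get("ftp_enabled") is not False:
        return "do-now"            # disable FTP or restrict 21/TCP
    return "schedule-update"       # update to 2.2 in a maintenance window

# Constructed sample inventory; hostnames and field names are hypothetical.
INVENTORY = [
    {"host": "cp-pump-01", "firmware": "V2.1.3", "ftp_enabled": True},
    {"host": "cp-pump-02", "firmware": "V2.0", "ftp_enabled": False},
    {"host": "cp-sub-07", "firmware": "2.2.28", "ftp_enabled": True},
    {"host": "cp-sub-08", "firmware": "V2.1"},             # FTP state unknown
    {"host": "cp-lab-01", "firmware": "n/a", "ftp_enabled": False},
]

def report(inventory):
    """Return {host: tier} for every record."""
    return {r["host"]: triage(r) for r in inventory}

if __name__ == "__main__":
    for host, tier in report(INVENTORY).items():
        print(f"{host:12} {tier}")
```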
CVEs (2)