Siemens OZW Web Server
Monitor | 5.3 | ICS-CERT ICSA-20-042-09 | Feb 11, 2020
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
Siemens OZW672 and OZW772 web servers contain an improper file access vulnerability (CWE-552) that allows unauthenticated remote attackers to read sensitive information from the device. The vulnerability affects all versions before V10.00. An attacker with network access to the web server can retrieve configuration data and operational parameters without any credentials or authentication.
What this means
What could happen
An attacker with network access could read sensitive information from the OZW Web Server, such as configuration data or operational parameters, without authentication. This could expose details about your water treatment or power distribution process configuration.
Who's at risk
Water authorities and utilities operating Siemens OZW672 or OZW772 web servers for SCADA, process monitoring, or configuration management. These devices are typically used to manage and display operational data for water treatment, distribution, or power systems.
How it could be exploited
An attacker on the network sends web requests to the OZW Web Server to access files or configuration data that should be restricted. No authentication is required. The attacker gains read access to sensitive information about your system configuration or operational state.
Prerequisites
- Network connectivity to the OZW Web Server over HTTP/HTTPS
- The OZW device is reachable from the attacker's network segment (not properly isolated from untrusted networks)
- Remotely exploitable
- No authentication required
- Low complexity attack
- No patch available for older firmware versions
- Information disclosure risk
Exploitability
Low exploit probability (EPSS 0.5%)
Affected products (2)
2 with fix
| Product | Affected Versions | Fix Status |
|---|---|---|
| OZW772 | All < V10.00 | V10.00 |
| OZW672 | All < V10.00 | V10.00 |
Remediation & Mitigation
Do now
- WORKAROUND: Restrict network access to the OZW Web Server to trusted IP addresses only using firewall rules
- HARDENING: Configure the OZW device behind a VPN or restrict access to internal networks only, preventing direct Internet exposure
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HOTFIX: Update OZW672 and OZW772 devices to firmware version 10.0 or later
- HARDENING: Apply Siemens OZW hardening guidelines to baseline configuration
Long-term hardening
- HARDENING: Implement network segmentation to isolate the OZW device from business networks and the Internet
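An added example, not from the advisory or from Siemens: one way to triage an asset inventory against the affected-version table and the firewall workaround above. The CSV columns, host names, address ranges, the non-OZW model name and the 1024-address threshold are assumptions constructed for illustration.

```python
import csv
import io
import ipaddress
import re

AFFECTED_MODELS = {"OZW672", "OZW772"}  # from the advisory
FIXED_VERSION = (10, 0)                 # V10.00, from the advisory

# Constructed sample inventory; columns, hosts and ranges are assumptions.
SAMPLE_INVENTORY = """\
host,model,firmware,allowed_sources
plant-a-web,OZW772,V9.00,0.0.0.0/0
plant-b-web,OZW672,v10.00,10.20.0.0/24
pump-7-web,OZW672,5.2,10.20.0.0/24
lab-web,OZW772,10.0,0.0.0.0/0
misc-ctl,OTHER-100,n/a,10.20.0.0/24
"""

def parse_version(text):
    """Turn 'V10.00', 'v9.0' or '10.0' into a tuple of ints.

    Comparing raw strings is wrong here: 'V9.00' sorts after 'V10.00'.
    """
    m = re.fullmatch(r"[Vv]?(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return int(m.group(1)), int(m.group(2) or 0)

def is_affected(model, firmware):
    """True for OZW672/OZW772 running firmware below V10.00."""
    if model.strip().upper() not in AFFECTED_MODELS:
        return False  # other models are skipped without parsing their version
    return parse_version(firmware) < FIXED_VERSION

def is_broadly_reachable(cidr, max_hosts=1024):
    """True when the allowed source range exceeds max_hosts addresses (assumed threshold)."""
    return ipaddress.ip_network(cidr, strict=False).num_addresses > max_hosts

def triage(inventory_csv):
    """Return {host: action} for every affected device in the inventory."""
    actions = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if is_affected(row["model"], row["firmware"]):
            exposed = is_broadly_reachable(row["allowed_sources"])
            actions[row["host"]] = ("restrict access now, then update"
                                    if exposed else "schedule update")
    return actions

if __name__ == "__main__":
    for host, action in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {action}")
```
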
CVEs (1)
API:
/api/v1/advisories/1fc8dd80-63e2-4cd0-a80d-e16981a9afbc