Siemens SINUMERIK
Act Now | CVSS 9.8 | ICS-CERT ICSA-20-161-06 | Jun 9, 2020
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
SINUMERIK software contains multiple memory corruption vulnerabilities including buffer overflows (CWE-124, CWE-122), use-after-free (CWE-121), and out-of-bounds access (CWE-125, CWE-788) that allow remote code execution. Affected components include SINUMERIK Access MyMachine/P2P portal interface and PCU base software running on Windows 7 and Windows 10 industrial PCs. An attacker can send a malicious network packet to trigger the vulnerability without authentication or special configuration.
What this means
What could happen
Memory corruption vulnerabilities in SINUMERIK software could allow a remote attacker to execute arbitrary code on the industrial PC or controller, potentially disrupting or commandeering CNC machine operations or manufacturing processes.
Who's at risk
CNC machine tool operators, manufacturing facilities, and industrial automation managers running Siemens SINUMERIK equipment. Specifically, this affects SINUMERIK PCU (Process Control Unit) controllers on Windows-based industrial PCs and remote access systems using SINUMERIK Access MyMachine/P2P portals.
How it could be exploited
An attacker with network access to the SINUMERIK device (Access MyMachine/P2P portal, PCU base software on Windows) could send a specially crafted network request that triggers a buffer overflow or similar memory corruption vulnerability. This allows code execution on the machine controller without requiring authentication or user interaction.
Prerequisites
- Network access to the SINUMERIK device or its web portal from outside the internal network
- Device running an affected software version (below 4.8 for Access MyMachine, below 14.00 for Win10 PCU, below 12.01 HF4 for Win7 PCU)
Remotely exploitable | No authentication required | Low complexity attack | High severity memory corruption (buffer overflow, use-after-free) | Critical CVSS 9.8 | Affects industrial control/CNC systems
Exploitability
Moderate exploit probability (EPSS 5.4%)
Affected products (3)
3 with fix
Product | Affected Versions | Fix Status
SINUMERIK Access MyMachine /P2P | All < V4.8 | 4.8
SINUMERIK PCU base Win10 software /IPC | All < V14.00 | 14.00
SINUMERIK PCU base Win7 software /IPC | All < V12.01 HF4 | 12.01 HF4
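One way to triage an asset inventory against the fixed versions in the table above. This is an added example, not Siemens or ICS-CERT code; the inventory rows and hostnames are constructed, and it assumes version strings have the form `V<major>.<minor>` with an optional `HF<n>` suffix whose fields compare numerically.

```python
import re

# Fixed versions from the advisory's affected-products table,
# stored as (major, minor, hotfix). Anything lower is affected.
FIXED = {
    "SINUMERIK Access MyMachine /P2P": (4, 8, 0),
    "SINUMERIK PCU base Win10 software /IPC": (14, 0, 0),
    "SINUMERIK PCU base Win7 software /IPC": (12, 1, 4),
}

# Assumed version format: optional "V", major.minor, optional "HF<n>".
_VERSION = re.compile(r"^\s*V?(\d+)\.(\d+)(?:\s*HF\s*(\d+))?\s*$", re.IGNORECASE)


def parse_version(text):
    """Parse 'V12.01 HF4' or '4.8' into (major, minor, hotfix); hotfix defaults to 0."""
    m = _VERSION.match(text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def triage(inventory):
    """Classify each (host, product, version) row as VULNERABLE, fixed or UNKNOWN.

    UNKNOWN covers unlisted products and unparseable versions, so those
    rows are surfaced for manual review instead of being reported as safe.
    """
    results = []
    for host, product, version in inventory:
        fixed = FIXED.get(product)
        try:
            if fixed is None:
                status = "UNKNOWN"
            else:
                status = "VULNERABLE" if parse_version(version) < fixed else "fixed"
        except ValueError:
            status = "UNKNOWN"
        results.append((host, product, version, status))
    return results


# Constructed sample inventory (hostnames and installed versions are made up).
SAMPLE = [
    ("cnc-01", "SINUMERIK Access MyMachine /P2P", "V4.7"),
    ("cnc-02", "SINUMERIK PCU base Win7 software /IPC", "V12.01 HF3"),
    ("cnc-03", "SINUMERIK PCU base Win7 software /IPC", "V12.01 HF4"),
    ("cnc-04", "SINUMERIK PCU base Win10 software /IPC", "14.00"),
    ("cnc-05", "SINUMERIK PCU base Win10 software /IPC", "unknown"),
]

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print("{:<8} {:<42} {:<12} {}".format(*row))
```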
Remediation & Mitigation
Do now
- WORKAROUND: Restrict network access to SINUMERIK devices to internal network or VPN only; block direct Internet exposure
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HOTFIX: Update SINUMERIK Access MyMachine/P2P to version 4.8 or later
- HOTFIX: Update SINUMERIK PCU base Win10 software to version 14.00 or later
- HOTFIX: Update SINUMERIK PCU base Win7 software to version 12.01 HF4 or later
Long-term hardening
- HARDENING: Place SINUMERIK devices and control networks behind a firewall, isolated from business network and Internet
CVEs (22)
API:
/api/v1/advisories/dbce6f23-9673-452b-9ddd-4b5fc91ba08c