OTPulse

Siemens SIMATIC S7-200 SMART CPU Family

Plan Patch | CVSS 7.5 | ICS-CERT ICSA-20-196-06 | Jul 14, 2020
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

The SIMATIC S7-200 SMART CPU family contains a vulnerability that allows an unauthenticated attacker with network access to cause a denial-of-service condition, crashing the CPU. Affected versions are 2.2 through 2.5.0. Successful exploitation forces a device restart and disrupts all process logic and automation functions controlled by the CPU.

What this means
What could happen
An attacker could crash the S7-200 SMART CPU, halting all process logic and control functions until the device is manually restarted. This would interrupt water treatment, distribution, or power generation operations depending on the CPU's role.
Who's at risk
Water utilities, electric utilities, and other municipal operators using Siemens SIMATIC S7-200 SMART CPUs for process control and automation should assess if this device controls critical functions. Affected devices are typically used in pump stations, treatment systems, motor control, and SCADA data aggregation. Any facility relying on continuous operation of these devices is at risk of unplanned downtime.
How it could be exploited
An attacker with network access to the CPU could send a specially crafted network request that triggers a denial-of-service condition. No authentication is required, and the attack can be executed from the corporate network or internet if the device is not behind a firewall.
Prerequisites
  • Network access to the SIMATIC S7-200 SMART CPU on port 102 (default S7 protocol port) or other exposed network interface
  • Device running firmware version 2.2 through 2.5.0
  • No firewall or access control list blocking incoming traffic from untrusted networks
  • Remotely exploitable over the network
  • No authentication required
  • Low complexity attack
  • Availability impact (denial of service)
  • Affects industrial control systems
Exploitability
Low exploit probability (EPSS 0.4%)
Affected products (1)
Product: SIMATIC S7-200 SMART CPU family: v2.2 and later prior to v2.5.1
Affected Versions: ≥ 2.2 | ≤ 2.5.1
Fix Status: 2.5.1 and limit network access to device to trusted sources
Remediation & Mitigation
Do now
WORKAROUND: Configure firewall rules or switch ACLs to restrict network access to the S7-200 SMART CPU to only trusted engineering workstations and SCADA servers
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update SIMATIC S7-200 SMART CPU firmware to version 2.5.1 or later
Long-term hardening
HARDENING: Segment the control network so that the S7-200 SMART CPU is not directly reachable from the corporate IT network or internet
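
To track the workaround and the firmware update together, the following added example (not part of the advisory and not Siemens or OTPulse tooling) flags CPUs whose firmware falls in the affected range and lists any source outside the trusted networks seen connecting to TCP port 102. The inventory layout, the flow-record tuple format, and all addresses and versions are assumptions constructed for illustration.

```python
import ipaddress

FIXED = (2, 5, 1)           # fixed firmware release named in the advisory
FIRST_AFFECTED = (2, 2, 0)  # advisory: v2.2 and later, prior to v2.5.1
S7_PORT = 102               # default S7 protocol port listed under Prerequisites

def parse_version(text):
    """'V2.4.1' -> (2, 4, 1); short versions such as '2.2' are zero-padded."""
    parts = [int(p) for p in text.lstrip("vV").split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def is_affected(firmware):
    return FIRST_AFFECTED <= parse_version(firmware) < FIXED

def untrusted_sources(flows, cpu_ip, trusted_nets):
    """Sources outside trusted_nets seen connecting to TCP/102 on cpu_ip."""
    nets = [ipaddress.ip_network(n) for n in trusted_nets]
    seen = set()
    for src, dst, proto, dport in flows:
        if dst == cpu_ip and proto == "tcp" and dport == S7_PORT:
            if not any(ipaddress.ip_address(src) in n for n in nets):
                seen.add(src)
    return sorted(seen)

def audit(inventory, flows, trusted_nets):
    """Per CPU: is a firmware update needed, and who reached it that should not?"""
    return {
        ip: {"affected": is_affected(fw),
             "untrusted_sources": untrusted_sources(flows, ip, trusted_nets)}
        for ip, fw in inventory.items()
    }

# Constructed sample data (addresses, versions and flow tuples are made up).
INVENTORY = {"10.10.30.15": "V2.4.1", "10.10.30.16": "V2.5.1", "10.10.30.17": "V2.2"}
TRUSTED = ["10.10.20.0/28"]  # engineering workstations and SCADA servers
FLOWS = [
    ("10.10.20.5", "10.10.30.15", "tcp", 102),     # trusted workstation
    ("192.168.40.77", "10.10.30.15", "tcp", 102),  # corporate IT host
    ("192.168.40.77", "10.10.30.16", "tcp", 80),   # not the S7 port
    ("172.16.9.3", "10.10.30.17", "tcp", 102),     # unknown segment
]

if __name__ == "__main__":
    for ip, result in audit(INVENTORY, FLOWS, TRUSTED).items():
        print(ip, result)
```

A CPU that is both affected and has entries under untrusted_sources is the one to put behind the ACL first.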