OTPulse

Siemens SIMATIC Controller Web Servers

Monitor · CVSS 5.3 · ICS-CERT ICSA-20-343-09 · Dec 8, 2020
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

The web server component of SIMATIC ET 200SP Open Controller and SIMATIC S7-1500 Software Controller (both version 20.8) is vulnerable to a denial-of-service attack. An attacker on the network can send a crafted request that crashes or hangs the web server, making the device temporarily unreachable via HTTP/HTTPS. The core PLC control logic is not affected and continues to operate. Siemens has released firmware version 21.8 for both products to resolve this issue.

What this means
What could happen
An attacker can trigger a denial-of-service condition on the controller's web server, temporarily making the device unreachable via HTTP/HTTPS. The underlying PLC control logic continues to run, but remote web-based access and monitoring are disrupted.
Who's at risk
Water authorities and electric utilities operating Siemens SIMATIC ET 200SP Open Controllers or SIMATIC S7-1500 Software Controllers should assess if these devices are used in their automation infrastructure. These controllers are commonly deployed in distributed I/O nodes and software-based control systems. Organizations with web-accessible or network-accessible instances of these devices are at risk.
How it could be exploited
An attacker with network access to the controller's web server port (typically TCP 80 or 443) can send a specially crafted request that causes the web server to crash or become unresponsive. The attacker does not need valid credentials or special knowledge of the system configuration.
Prerequisites
  • Network reachability to the web server port on the controller (TCP 80 or 443)
  • No authentication required
remotely exploitable · no authentication required · low complexity · affects network availability of control systems
Exploitability
Moderate exploit probability (EPSS 1.2%)
Affected products (2)
1 with fix · 1 pending
Product | Affected Versions | Fix Status
SIMATIC ET 200SP Open Controller (incl. SIPLUS variants): V20.8 | V20.8 | No fix yet
SIMATIC S7-1500 Software Controller: V20.8 | V20.8 | v21.8
Remediation & Mitigation
Do now
  • WORKAROUND: Configure firewall rules to restrict network access to the web server port (TCP 80/443) to trusted engineering workstations and administrative subnets only
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

  • HOTFIX: Update SIMATIC ET 200SP Open Controller to firmware v21.8 or later
  • HOTFIX: Update SIMATIC S7-1500 Software Controller to firmware v21.8 or later
Long-term hardening
  • HARDENING: Implement network segmentation to isolate the control system from untrusted networks and require VPN or bastion host access for remote administration
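
One way to check that the firewall workaround above is holding, as an added example that is not part of the advisory: the script scans flow records for accepted connections to a controller's web server ports (TCP 80/443) from sources outside the trusted subnets. The controller addresses, trusted subnets, and the five-field log format are assumptions, and the sample records are constructed.

```python
import ipaddress

# Assumed values for illustration (not from the advisory): controller
# addresses and the subnets allowed to reach their web servers.
CONTROLLERS = {ipaddress.ip_address(a) for a in ("10.20.1.10", "10.20.1.11")}
TRUSTED = [ipaddress.ip_network(n) for n in ("10.20.5.0/28", "10.20.9.0/24")]
WEB_PORTS = {80, 443}  # web server ports named in the advisory

# Constructed sample flow records: "src_ip dst_ip proto dst_port action"
SAMPLE_FLOWS = """\
10.20.5.3 10.20.1.10 tcp 443 accept
10.30.7.44 10.20.1.10 tcp 80 accept
10.30.7.44 10.20.1.11 tcp 443 drop
10.20.9.15 10.20.1.11 tcp 102 accept
192.0.2.77 10.20.1.11 tcp 443 accept
not a flow record
"""

def parse_flow(line):
    """Return (src, dst, proto, port, action) or None for malformed lines."""
    parts = line.split()
    if len(parts) != 5:
        return None
    try:
        return (ipaddress.ip_address(parts[0]), ipaddress.ip_address(parts[1]),
                parts[2].lower(), int(parts[3]), parts[4].lower())
    except ValueError:
        return None

def untrusted_web_access(text):
    """Flows that reached a controller web port from outside TRUSTED."""
    findings = []
    for line in text.splitlines():
        flow = parse_flow(line)
        if flow is None:
            continue  # skip malformed records instead of aborting the audit
        src, dst, proto, port, action = flow
        if proto != "tcp" or dst not in CONTROLLERS or port not in WEB_PORTS:
            continue
        # Only accepted flows matter: a drop means the rule did its job.
        if action == "accept" and not any(src in net for net in TRUSTED):
            findings.append((str(src), str(dst), port))
    return findings

if __name__ == "__main__":
    for src, dst, port in untrusted_web_access(SAMPLE_FLOWS):
        print(f"ALLOWED from untrusted source: {src} -> {dst}:{port}")
```

Any finding means a path to the web server still exists from outside the engineering and administrative subnets, so the corresponding firewall rule needs review.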