Siemens SIMATIC S7-PLCSIM
Monitor · CVSS 5.5 · ICS-CERT ICSA-21-068-01 · Mar 9, 2021
Attack Vector: Local
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary
SIMATIC S7-PLCSIM V5.4 contains multiple vulnerabilities that can cause the simulator to crash or become unresponsive when processing a specially crafted project file. The vulnerabilities stem from an infinite loop condition (CWE-835), null pointer dereference (CWE-476), and potential division by zero (CWE-369). An attacker with local access to an engineering workstation can trigger these conditions by providing a malicious project file, leading to denial of service. The vulnerabilities are not remotely exploitable and require user interaction to open the file.
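As an added illustration (not Siemens code, and not the real S7-PLCSIM project format, which the advisory does not describe), the C parser below reads a constructed, hypothetical block-chain file layout and guards against the three defect classes named above: the loop over blocks must advance and is capped (CWE-835), a table lookup that can legitimately return NULL is checked before use (CWE-476), and a file-supplied divisor is tested for zero (CWE-369). The layout, field names, magic string and sample files are all assumptions made for this example.

```c
/* Added example, not Siemens code. Hypothetical layout: 4-byte magic "PSIM",
 * then a chain of 8-byte blocks { uint16 kind; uint16 divisor; uint16 value;
 * uint16 next }, little-endian, where `next` is the byte distance from the
 * start of this block to the following one and kind 0 terminates the chain. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

enum parse_status { PARSE_OK = 0, PARSE_BAD_MAGIC, PARSE_TRUNCATED, PARSE_LOOP,
                    PARSE_DIV_ZERO, PARSE_NULL_REF, PARSE_TOO_MANY };

#define BLOCK_SIZE 8u
#define MAX_BLOCKS 1024u   /* hard ceiling independent of anything in the file */

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Lookup keyed by a file-controlled `kind`; absent entries return NULL.
 * Using the result without a check is the CWE-476 pattern. */
static const char *kind_name(uint16_t kind) {
    static const char *const names[] = { NULL, "timer", "counter", "scale" };
    if (kind >= sizeof names / sizeof names[0]) return NULL;
    return names[kind];
}

/* Walk the chain with every file-controlled quantity validated before use.
 * On success stores the sum of value/divisor over all blocks in *out. */
enum parse_status parse_project(const uint8_t *buf, size_t len, uint32_t *out)
{
    if (len < 4 || memcmp(buf, "PSIM", 4) != 0) return PARSE_BAD_MAGIC;
    size_t pos = 4;
    uint32_t acc = 0;
    for (unsigned n = 0; ; n++) {
        if (n >= MAX_BLOCKS) return PARSE_TOO_MANY;                    /* CWE-835: iteration cap */
        if (pos >= len || len - pos < BLOCK_SIZE) return PARSE_TRUNCATED; /* bounds before any read */
        const uint8_t *b = buf + pos;
        uint16_t kind = rd16(b), divisor = rd16(b + 2), value = rd16(b + 4), next = rd16(b + 6);
        if (kind == 0) break;                                          /* end marker */
        if (kind_name(kind) == NULL) return PARSE_NULL_REF;           /* CWE-476: check lookup */
        if (divisor == 0) return PARSE_DIV_ZERO;                       /* CWE-369: check divisor */
        acc += value / divisor;
        if (next < BLOCK_SIZE) return PARSE_LOOP;                      /* CWE-835: must move forward */
        pos += next;
    }
    *out = acc;
    return PARSE_OK;
}

/* Constructed sample files for the hypothetical layout (not real project files). */
static const uint8_t good_file[] = {
    'P','S','I','M',
    2,0,  4,0,  100,0, 8,0,   /* counter: 100/4 = 25, next block 8 bytes on */
    3,0,  5,0,  50,0,  8,0,   /* scale:   50/5  = 10 */
    0,0,  0,0,  0,0,   0,0    /* terminator */
};
static const uint8_t zero_div_file[] = {
    'P','S','I','M',
    1,0,  0,0,  7,0,  8,0,    /* divisor 0 */
    0,0,  0,0,  0,0,  0,0
};
static const uint8_t self_loop_file[] = {
    'P','S','I','M',
    1,0,  1,0,  7,0,  0,0,    /* next 0: the block points at itself */
    0,0,  0,0,  0,0,  0,0
};
static const uint8_t bad_kind_file[] = {
    'P','S','I','M',
    9,0,  1,0,  7,0,  8,0,    /* kind 9 has no table entry */
    0,0,  0,0,  0,0,  0,0
};

int main(void)
{
    uint32_t sum = 0;
    enum parse_status st = parse_project(good_file, sizeof good_file, &sum);
    printf("good file: status %d, sum %u\n", (int)st, sum);
    printf("zero divisor: status %d\n", (int)parse_project(zero_div_file, sizeof zero_div_file, &sum));
    printf("self loop: status %d\n", (int)parse_project(self_loop_file, sizeof self_loop_file, &sum));
    printf("unknown kind: status %d\n", (int)parse_project(bad_kind_file, sizeof bad_kind_file, &sum));
    return 0;
}
```

Each rejected sample corresponds to one of the advisory's CWE classes; a parser that omits the matching check would spin (self-loop file), fault on a NULL dereference (unknown kind) or trap on division (zero divisor), which is exactly the denial of service the advisory describes.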
What this means
What could happen
An attacker with local access to an engineering workstation could crash the SIMATIC S7-PLCSIM simulator by triggering an infinite loop or null pointer dereference, disrupting simulation-based testing and training activities.
Who's at risk
Manufacturing organizations that use Siemens SIMATIC S7-PLCSIM for PLC simulation, training, and offline testing on engineering workstations. This primarily affects engineering teams and training personnel who develop and validate PLC logic before deployment to production systems.
How it could be exploited
An attacker would need to open a malicious project file on an engineering workstation running SIMATIC S7-PLCSIM. The file would trigger a code path with an infinite loop (CWE-835) or null pointer dereference (CWE-476), causing the simulator to become unresponsive or crash. This requires the attacker to have local access or to convince a user to open a specially crafted project file from an untrusted source.
Prerequisites
- Local access to the engineering workstation running SIMATIC S7-PLCSIM
- User action required: opening a malicious project file
- Low privileges (runs as unprivileged user on the workstation)
Tags: local access required · no authentication bypass · low complexity attack · no patch available · denial of service impact
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
Product | Affected Versions | Fix Status
SIMATIC S7-PLCSIM V5.4 | All versions | No fix (EOL)
Remediation & Mitigation
Do now
- WORKAROUND: Restrict access to SIMATIC S7-PLCSIM project files on the engineering station to trusted users only
- WORKAROUND: Only open project files from trusted, verified sources; do not open project files from untrusted or unknown senders
Mitigations - no patch available
SIMATIC S7-PLCSIM V5.4 (all versions) has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
- HARDENING: Implement network segmentation and access controls to isolate engineering workstations from external networks
- HARDENING: Follow Siemens operational guidelines for Industrial Security and configure the engineering environment according to product manuals
API: /api/v1/advisories/81d550b0-86f5-4890-8929-6cb7aeec7ef9