Siemens SINEMA Remote Connect Server

Plan PatchCVSS 7.5ICS-CERT ICSA-21-103-08Apr 13, 2021

Siemens

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

Two Denial-of-Service vulnerabilities exist in the underlying third-party XML parser used by SINEMA Remote Connect Server versions prior to 3.0. An attacker can trigger a crash by sending specially crafted XML requests to the service, rendering it unavailable for remote engineering access. The vulnerabilities stem from improper handling of XML input (CWE-772: Missing Release of Resource After Effective Lifetime Ends; CWE-835: Loop with Unreachable Exit Condition). No known public exploits are currently available.

What this means

What could happen

An attacker could crash the SINEMA Remote Connect Server by sending specially crafted XML requests, disrupting remote access capabilities for engineering and maintenance staff managing industrial control systems.

Who's at risk

Water authorities, electric utilities, and other critical infrastructure operators using SINEMA Remote Connect Server for remote engineering access to industrial control systems and PLCs. This affects any organization that provides remote maintenance or diagnostics capabilities to field technicians and engineers.

How it could be exploited

An attacker with network access to the SINEMA Remote Connect Server (typically port 443 or configured management port) sends malformed XML payloads to the underlying XML parser. The parser fails to properly handle the input, causing a denial of service that makes the remote connection service unavailable.

Prerequisites

Network access to SINEMA Remote Connect Server management interface
No authentication required to trigger the denial-of-service condition

remotely exploitableno authentication requiredlow complexityaffects remote access to operational systemslow EPSS score but denial-of-service impact on critical operations

Exploitability

Unlikely to be exploited — EPSS score 0.5%

Affected products (1)

ProductAffected VersionsFix Status

SINEMA Remote Connect Server<V3.03.0

Remediation & Mitigation

0/4

Do now

0/1

WORKAROUNDRestrict network access to SINEMA Remote Connect Server to trusted engineering and authorized personnel only using firewall rules

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate SINEMA Remote Connect Server to version 3.0 or later

Long-term hardening

0/2

HARDENINGPlace SINEMA Remote Connect Server and all remote access infrastructure behind a perimeter firewall, isolated from the business network

HARDENINGIf remote access is required outside your facility, use a VPN with current security updates and ensure the connected devices are patched and hardened

CVEs (2)

CVE-2019-19956 CVE-2020-7595

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/e887f1d6-ea24-4bd8-a950-c89f6a7fdb30

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.