OTPulse
FeedAboutContact

Siemens SNMP Implementation of WinCC Runtime

Monitor5.3ICS-CERT ICSA-21-131-06May 11, 2021
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary

A denial-of-service vulnerability exists in the SNMP implementation of WinCC Runtime on Siemens SIMATIC HMI Comfort Panels (1st Generation) and KTP Mobile Panels. An unauthenticated attacker with network access to port 161/UDP can send crafted SNMP packets to crash the SNMP service, causing the remote monitoring and management interface to become unavailable. Siemens has released firmware updates addressing this issue.

What this means
What could happen
An attacker can cause the SNMP service on WinCC Runtime panels to become unavailable by sending malformed SNMP packets, disrupting remote monitoring and management capabilities until the service is restarted.
Who's at risk
Manufacturing facilities operating Siemens SIMATIC HMI Comfort Panels (1st generation) or KTP Mobile Panels for process visualization and control. This affects plants that rely on SNMP-based remote monitoring and management of HMI touch panels.
How it could be exploited
An attacker with network access to port 161/UDP sends a crafted SNMP packet to the affected WinCC Runtime panel. The vulnerability is triggered without authentication, causing the SNMP service to crash and become unavailable.
Prerequisites
  • Network access to port 161/UDP on the affected HMI panel
  • No authentication required
remotely exploitableno authentication requiredlow complexityaffects monitoring capabilities
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (2)
2 with fix
ProductAffected VersionsFix Status
SIMATIC HMI Comfort Panels 1st Generation (incl. SIPLUS variants)<V16 Update 416 Update 4
SIMATIC HMI KTP Mobile Panels<V16 Update 416 Update 4
Remediation & Mitigation
0/3
Do now
0/2
WORKAROUNDDisable SNMP service on affected HMI panels if SNMP functionality is not required for operations
HARDENINGRestrict network access to port 161/UDP to only trusted engineering workstations and monitoring systems
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate SIMATIC HMI Comfort Panels and KTP Mobile Panels to firmware version 16 Update 4 or later
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/02ca02f7-9dcc-40a0-828f-656087428ab7