Siemens SIMATIC NET CP 443-1 OPC UA
Act Now | 9.8 | ICS-CERT ICSA-21-159-11 | Jun 8, 2021
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
All versions of the SIMATIC CP 443-1 OPC UA contain multiple vulnerabilities in the underlying third-party NTP component, including input validation failures (CWE-20), buffer overflow (CWE-120), authentication bypass (CWE-285), and information disclosure issues. These flaws allow remote attackers to execute arbitrary code, modify data, or cause denial of service on the communication module without authentication. No firmware updates are currently available for this product.
What this means
What could happen
An attacker with network access to the CP 443-1 OPC UA device could execute arbitrary code or cause the device to stop responding, disrupting communication between engineering workstations and the industrial network or affecting data integrity in OPC UA interactions.
Who's at risk
Any facility operating Siemens SIMATIC CP 443-1 OPC UA devices for industrial automation communication, particularly those in manufacturing plants, water treatment, power generation, and other critical infrastructure using OPC UA for supervisory control and data acquisition. Engineering departments and control room staff depend on this device for configuration and monitoring.
How it could be exploited
An attacker on the network sends a malformed NTP packet or crafted OPC UA message to the CP 443-1. The vulnerable third-party NTP component fails to validate input properly, allowing buffer overflow or authentication bypass. The attacker gains code execution on the communication module, which could intercept, modify, or block OPC UA traffic to PLCs and other control devices.
Prerequisites
- Network access to the CP 443-1 OPC UA device on port 123 (NTP) or port 4840 (OPC UA default)
- Remotely exploitable
- No authentication required for NTP
- Low complexity attack
- High EPSS score (34.9%)
- No patch available
- Affects communication infrastructure critical to plant operations
Exploitability
High exploit probability (EPSS 34.9%)
Affected products (1)
Product | Affected Versions | Fix Status
SIMATIC CP 443-1 OPC UA | All versions | No fix (EOL)
Remediation & Mitigation
Do now
- HARDENING: Isolate the CP 443-1 OPC UA device on a separate network segment or VLAN and restrict inbound access using firewall rules; allow only trusted engineering workstations and SCADA servers to communicate with it
- WORKAROUND: Disable OPC UA and NTP services if not actively used on the CP 443-1; if required, restrict to whitelisted IP addresses only
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HARDENING: Implement network monitoring and alerting for unusual traffic patterns to or from the CP 443-1 device, including failed NTP synchronization attempts
Mitigations - no patch available
SIMATIC CP 443-1 OPC UA has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
- HARDENING: Apply Siemens operational security guidelines for Industrial Security to the CP 443-1 deployment environment
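
An added example, not part of the original advisory or any Siemens tooling: a flow-log audit that checks the allowlisting and monitoring controls above for ports 123 (NTP) and 4840 (OPC UA). The device address, allowlisted networks, CSV flow format and sample records are assumptions constructed for illustration.

```python
import csv
import io
import ipaddress

# Assumed values: CP 443-1 address and the peers permitted per service.
CP_ADDR = ipaddress.ip_address("192.0.2.10")
ALLOWED = {
    ("udp", 123): [ipaddress.ip_network("192.0.2.5/32")],    # site NTP server
    ("tcp", 4840): [ipaddress.ip_network("192.0.2.32/28")],  # engineering/SCADA hosts
}

# Constructed sample flow records (one row per observed flow).
SAMPLE_FLOWS = """\
src,dst,proto,dport
192.0.2.5,192.0.2.10,udp,123
192.0.2.33,192.0.2.10,tcp,4840
198.51.100.7,192.0.2.10,udp,123
192.0.2.77,192.0.2.10,tcp,4840
192.0.2.33,192.0.2.10,tcp,80
192.0.2.10,203.0.113.9,tcp,443
192.0.2.33,192.0.2.20,tcp,4840
"""

def audit_flows(text):
    """Return (src, dst, proto, dport, reason) for each flow that violates policy."""
    peers = [net for nets in ALLOWED.values() for net in nets]
    alerts = []
    for row in csv.DictReader(io.StringIO(text)):
        src = ipaddress.ip_address(row["src"])
        dst = ipaddress.ip_address(row["dst"])
        key = (row["proto"].lower(), int(row["dport"]))
        if dst == CP_ADDR:                       # inbound to the CP
            nets = ALLOWED.get(key)
            if nets is None:
                reason = "service not permitted on CP"
            elif not any(src in net for net in nets):
                reason = "source not allowlisted"
            else:
                continue
        elif src == CP_ADDR:                     # flow from the CP
            if any(dst in net for net in peers):
                continue
            reason = "unexpected outbound from CP"
        else:
            continue                             # flow does not involve the CP
        alerts.append((row["src"], row["dst"], key[0], key[1], reason))
    return alerts

if __name__ == "__main__":
    for alert in audit_flows(SAMPLE_FLOWS):
        print(alert)
```
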
CVEs (15)