Siemens SIMATIC RFID (Update B)
Plan Patch · 7.5 · ICS-CERT ICSA-21-159-13 · Jun 8, 2021
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
A Denial of Service vulnerability in Siemens SIMATIC RFID reader and controller devices could allow an unauthorized attacker to crash the OPC UA service on affected devices. The vulnerability affects SIMATIC Reader RF610R, RF615R, RF650R, RF680R, and RF685R models (versions >3.0 and <4.0), SIMATIC RF166C, RF185C, RF186C, RF186CI, RF188C, RF188CI (versions >1.1 and <1.3.2), and SIMATIC RF360R (versions <2.0). Siemens has released firmware updates addressing this issue.
What this means
What could happen
An attacker could crash the OPC UA communication service on RFID readers and controllers, disrupting communication between the devices and your automation systems and potentially halting RFID-based inventory, tracking, or production processes that depend on this connectivity.
Who's at risk
Organizations operating Siemens SIMATIC RFID systems should care, particularly those using RF610R, RF615R, RF650R, RF680R, and RF685R reader models, or RF166C, RF185C, RF186C, RF186CI, RF188C, RF188CI, and RF360R controller models in manufacturing, warehousing, asset tracking, or production automation environments where RFID data collection feeds into SCADA or MES (Manufacturing Execution Systems) via OPC UA.
How it could be exploited
An attacker needs network access to the OPC UA port on an affected SIMATIC RFID device. They can send a specially crafted request that causes the OPC UA service to crash, making the device unable to communicate with your automation systems until it is manually rebooted.
Prerequisites
- Network access to the OPC UA service port on the affected SIMATIC RFID device
- The OPC UA feature must be enabled on the device
- Device must be running a vulnerable firmware version (RF Reader models >3.0 and <4.0, RF controller models >1.1 and <1.3.2, or RF360R <2.0)
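The version and OPC UA prerequisites above can be checked against an asset inventory. The following is an added example, not part of the advisory or of any Siemens tooling; the inventory fields, status labels and sample devices are assumptions constructed for illustration, and network reachability of the OPC UA port is not modelled.

```python
import re

# Ranges as stated in this advisory: (models, exclusive lower bound, fixed version).
AFFECTED = [
    ({"RF610R", "RF615R", "RF650R", "RF680R", "RF685R"}, "3.0", "4.0"),
    ({"RF166C", "RF185C", "RF186C", "RF186CI", "RF188C", "RF188CI"}, "1.1", "1.3.2"),
    ({"RF360R"}, None, "2.0"),
]

def parse_version(text):
    """'V3.2.1' -> (3, 2, 1); trailing zeros are dropped so 4.0 equals 4.0.0."""
    parts = [int(p) for p in re.findall(r"\d+", text)]
    if not parts:
        raise ValueError(f"no version number in {text!r}")
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def triage(product, firmware, opcua_enabled):
    """Classify one device against the advisory's prerequisites."""
    # Pull the model out of names such as 'SIMATIC Reader RF610R CMIIT'.
    m = re.search(r"\bRF\d{3}[A-Z]{1,2}\b", product.upper())
    model = m.group(0) if m else None
    for models, low, fixed in AFFECTED:
        if model in models:
            v = parse_version(firmware)
            above_low = low is None or v > parse_version(low)
            if not (above_low and v < parse_version(fixed)):
                return "not-affected"
            # In range: exposed only while the OPC UA feature is enabled.
            return "exposed" if opcua_enabled else "workaround"
    return "not-listed"

# Constructed sample inventory: (product name, firmware, OPC UA enabled).
INVENTORY = [
    ("SIMATIC Reader RF610R CMIIT", "V3.2", True),
    ("SIMATIC Reader RF615R ETSI", "V4.0", True),
    ("SIMATIC RF186CI", "V1.3.1", False),
    ("SIMATIC RF360R", "V1.9", True),
]

def report(inventory):
    return [(name, triage(name, fw, opcua)) for name, fw, opcua in inventory]

if __name__ == "__main__":
    for name, status in report(INVENTORY):
        print(f"{status:13} {name}")
```

Devices reported as "workaround" still run a vulnerable firmware version and remain candidates for the firmware update.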
remotely exploitable · no authentication required · low complexity · affects industrial communication
Exploitability
Low exploit probability (EPSS 0.5%)
Affected products (25)
25 with fix
Product                        Affected Versions   Fix Status
SIMATIC Reader RF610R CMIIT    >V3.0|<V4.0         4.0
SIMATIC Reader RF610R ETSI     >V3.0|<V4.0         4.0
SIMATIC Reader RF610R FCC      >V3.0|<V4.0         4.0
SIMATIC Reader RF615R CMIIT    >V3.0|<V4.0         4.0
SIMATIC Reader RF615R ETSI     >V3.0|<V4.0         4.0
Remediation & Mitigation
Do now
WORKAROUND: Disable the OPC UA feature on affected devices if the firmware update cannot be applied immediately
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
SIMATIC RF166C
HOTFIX: Update SIMATIC RF166C, RF185C, RF186C, RF186CI, RF188C, and RF188CI devices to firmware version 1.3.2 or later
SIMATIC RF360R
HOTFIX: Update SIMATIC RF360R devices to firmware version 2.0 or later
All products
HOTFIX: Update SIMATIC Reader RF610R, RF615R, RF650R, RF680R, and RF685R devices to firmware version 4.0 or later
Long-term hardening
HARDENING: Restrict network access to OPC UA ports on SIMATIC RFID devices using firewall rules; isolate RFID readers and controllers behind firewalls separated from business networks
CVEs (1)