Siemens SINUMERIK ONE and SINUMERIK MC (Update A)

Plan PatchCVSS 8.1ICS-CERT ICSA-21-194-17Jul 13, 2021

Siemens

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityHigh

User InteractionNone needed

Summary

SINUMERIK ONE and SINUMERIK MC products contain a memory protection bypass vulnerability in the integrated S7-1500 CPU. The vulnerability allows an attacker to write arbitrary data and code to protected memory areas or read sensitive data without authentication. An attacker with network access to Port 102/TCP could exploit this to inject malicious commands into the machine control system or exfiltrate configuration information for follow-on attacks. Siemens has released version 6.15 with a fix for both products.

What this means

What could happen

An attacker with network access to the S7-1500 CPU in SINUMERIK systems could write malicious code or data to protected memory, potentially enabling full control of machine operations, or read sensitive data to stage follow-on attacks. This could halt production, corrupt workpieces, or compromise machine safety.

Who's at risk

This affects manufacturers and machine shops operating Siemens SINUMERIK ONE or SINUMERIK MC CNC control systems (versions before 6.15). Any facility using these integrated S7-1500 CPU-based controllers for machine automation—including metalworking, drilling, turning, or milling operations—should apply this update.

How it could be exploited

An attacker on the network sends a specially crafted request to Port 102/TCP targeting the S7-1500 CPU's memory protection mechanism. By exploiting the memory bypass vulnerability, the attacker can directly write to protected memory regions where control logic and machine commands are stored, or exfiltrate sensitive configuration data without authentication.

Prerequisites

Network access to Port 102/TCP on the SINUMERIK system
System running affected SINUMERIK MC or ONE version below 6.15
No authentication required

remotely exploitableno authentication requiredaffects machine control logicmemory protection bypass enables code injectionlow exploit probability but high technical complexity

Exploitability

Unlikely to be exploited — EPSS score 0.3%

Affected products (2)

2 with fix

ProductAffected VersionsFix Status

SINUMERIK MC<V6.156.15

SINUMERIK ONE<V6.156.15

Remediation & Mitigation

0/4

Do now

0/1

WORKAROUNDLimit access to Port 102/TCP to trusted engineering workstations and systems only using firewall rules

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

SINUMERIK MC

HOTFIXUpdate SINUMERIK ONE and SINUMERIK MC to version 6.15 or later

Long-term hardening

0/2

HARDENINGIsolate SINUMERIK systems behind firewalls and separate from the business network

HARDENINGEnsure SINUMERIK systems are not accessible from the Internet

CVEs (1)

CVE-2020-15782

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/ebe69de1-0f25-4021-a28d-0b7f3928b7fc

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.