OTPulse

Siemens SINEMA Server

Monitor | CVSS 4.7 | ICS-CERT ICSA-21-257-12 | Sep 14, 2021
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

SINEMA Server versions prior to 14 SP3 contain a vulnerability that allows an unauthenticated attacker to obtain encoded system configuration backup files under certain conditions. The backup files are accessed via unauthenticated requests to the HTTP/HTTPS ports of the SINEMA Server. Siemens has released version 14 SP3 which fixes this issue.

What this means
What could happen
An attacker could download encoded system configuration backup files from your SINEMA Server without authentication, potentially exposing sensitive network and system settings. These backups may contain information that could be used to plan further attacks against your infrastructure.
Who's at risk
Organizations using Siemens SINEMA Server for network management and security configuration should be concerned. This affects anyone relying on SINEMA Server for administering Siemens industrial networks, particularly utilities and manufacturing operations that use this platform for device management and secure configuration storage.
How it could be exploited
An attacker on the network accesses the SINEMA Server via HTTP (port 80) or HTTPS (port 443) and requests the system configuration backup download function. Since authentication is not required under certain conditions, the attacker can retrieve the encoded backup file containing system configuration details.
Prerequisites
  • Network access to the SINEMA Server on port 80/TCP or 443/TCP
  • SINEMA Server running a version prior to v14 SP3
remotely exploitable, no authentication required, low complexity, configuration data exposure
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (1)
| Product | Affected Versions | Fix Status |
|---|---|---|
| SINEMA Server | <V14 SP3 | 14 SP3 |
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to SINEMA Server ports 80/TCP and 443/TCP to trusted IP addresses only using firewall rules
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update SINEMA Server to version 14 SP3 or later
Long-term hardening
HARDENING: Implement monitoring and establish a baseline for system configuration backup downloads to detect abnormal access patterns
HARDENING: Place SINEMA Server and other control system devices behind firewalls and isolate them from the business network
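
One way to implement the backup-download monitoring item above, as an added example (not code from OTPulse or Siemens). It assumes the web front end or a reverse proxy writes Common Log Format with the authenticated user in the third field; the backup URL path, trusted subnet and daily baseline are placeholders, since the advisory does not give them.

```python
import ipaddress
import re
from collections import Counter

# Assumptions (not from the advisory): log format, backup URL path, trusted
# management subnet and baseline are placeholders to replace per site.
BACKUP_PATH = "/PLACEHOLDER/backup-download"
TRUSTED_NETS = [ipaddress.ip_network("10.10.5.0/24")]
BASELINE_PER_DAY = 1  # expected successful backup downloads per source per day

# Common Log Format: ip ident user [time] "METHOD path PROTO" status size
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<day>[^:]+):[^\]]+\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+$'
)

# Constructed sample log lines, not captured from a real system.
SAMPLE_LOG = """\
10.10.5.20 - admin [14/Sep/2021:02:00:01 +0000] "GET /PLACEHOLDER/backup-download HTTP/1.1" 200 52133
192.0.2.77 - - [14/Sep/2021:11:03:19 +0000] "GET /PLACEHOLDER/backup-download HTTP/1.1" 200 52133
10.10.5.31 - - [14/Sep/2021:11:40:02 +0000] "GET /PLACEHOLDER/backup-download?x=1 HTTP/1.1" 200 52133
10.10.5.20 - admin [14/Sep/2021:13:30:00 +0000] "GET /PLACEHOLDER/backup-download HTTP/1.1" 200 52133
198.51.100.9 - - [14/Sep/2021:14:00:00 +0000] "GET /PLACEHOLDER/backup-download HTTP/1.1" 401 0
"""

def is_trusted(ip):
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # hostnames or malformed fields are never trusted
    return any(addr in net for net in TRUSTED_NETS)

def find_alerts(log_text):
    alerts, per_day = [], Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["path"].split("?", 1)[0] != BACKUP_PATH:
            continue  # unparsable line or not a backup request
        if not m["status"].startswith("2"):
            continue  # only successful downloads expose the backup
        ip, day = m["ip"], m["day"]
        if not is_trusted(ip):
            alerts.append((ip, day, "untrusted-source"))
        if m["user"] == "-":
            alerts.append((ip, day, "unauthenticated"))
        per_day[(ip, day)] += 1
        if per_day[(ip, day)] == BASELINE_PER_DAY + 1:
            alerts.append((ip, day, "above-baseline"))  # fire once per source/day
    return alerts
```

After updating to 14 SP3 and applying the firewall workaround, the "untrusted-source" and "unauthenticated" alerts should stop appearing; any that remain point to a rule gap or an unpatched instance.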