Siemens SIMATIC NET CP Modules
Plan Patch · 7.5 · ICS-CERT ICSA-21-257-15 · Sep 14, 2021
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
A denial of service vulnerability exists in Siemens SIMATIC NET communication processors. An attacker can send a malformed packet to port 102/TCP that causes the communication processor to become unresponsive, requiring a manual restart. Affected models are SIMATIC CP 343-1, CP 343-1 Advanced, CP 343-1 ERPC, CP 343-1 Lean, and SIMATIC CP 443-1 series. Siemens has released firmware version 3.3 or later for CP 443-1 models. CP 343-1 variants have no patch available.
What this means
What could happen
An attacker could send a specially crafted message to a Siemens communication processor over the network, causing it to stop responding until manually restarted, interrupting communication to PLCs and connected field devices.
Who's at risk
Water authorities and electric utilities using Siemens SIMATIC NET CP communication processors (models CP 343-1, CP 343-1 Advanced, CP 343-1 ERPC, CP 343-1 Lean, CP 443-1, and CP 443-1 Advanced) for PLC-to-network communication and data acquisition. These modules are critical to SCADA and process automation systems.
How it could be exploited
An attacker on the network sends a malformed packet to port 102/TCP on an unpatched communication processor. The device crashes or becomes unresponsive, requiring a restart to restore connectivity between the PLC and the industrial network.
Prerequisites
- Network reachability to port 102/TCP on the communication processor
- No authentication required to send the malicious packet
- Remotely exploitable over the network
- No authentication required
- Low complexity attack
- Affects availability of automation systems
- CP 343 models have no patch available
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (8)
4 with fix, 4 EOL

| Product | Affected Versions | Fix Status |
|---|---|---|
| SIMATIC CP 443-1 | <V3.3 | 3.3 |
| SIMATIC CP 443-1 Advanced | <V3.3 | 3.3 |
| SIPLUS NET CP 443-1 | <V3.3 | 3.3 |
| SIPLUS NET CP 443-1 Advanced | <V3.3 | 3.3 |
| SIMATIC CP 343-1 Advanced (incl. SIPLUS variants) | All versions | No fix (EOL) |
| SIMATIC CP 343-1 ERPC | All versions | No fix (EOL) |
| SIMATIC CP 343-1 Lean (incl. SIPLUS variants) | All versions | No fix (EOL) |
| SIMATIC CP 343-1 (incl. SIPLUS variants) | All versions | No fix (EOL) |
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to port 102/TCP to only trusted engineering workstations and automation systems
Schedule — requires maintenance window
Patching may require device reboot; plan for process interruption
SIMATIC CP 443-1
HOTFIX: Update SIMATIC CP 443-1 and CP 443-1 Advanced devices to firmware version 3.3 or later
SIPLUS NET CP 443-1
HOTFIX: Update SIPLUS NET CP 443-1 and CP 443-1 Advanced devices to firmware version 3.3 or later
Mitigations - no patch available
The following products have reached End of Life with no planned fix: SIMATIC CP 343-1 Advanced (incl. SIPLUS variants), SIMATIC CP 343-1 ERPC, SIMATIC CP 343-1 Lean (incl. SIPLUS variants), SIMATIC CP 343-1 (incl. SIPLUS variants). Apply the following compensating controls:
HARDENING: Implement network segmentation to isolate industrial control network from business network and Internet
HARDENING: Place communication processors behind a firewall with rules limiting inbound access to port 102/TCP from authorized sources only
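To turn the product table and remediation steps above into a work list, the following added example (not part of the advisory or any Siemens tooling) triages an asset inventory by model and firmware version. The function names, asset names and firmware values in the sample inventory are constructed for illustration; only the 3.3 fix version and the CP 343-1 / CP 443-1 families come from this page.

```python
import re

# Fix data transcribed from the advisory's affected-products table.
FIXED_IN = (3, 3)            # CP 443-1 family: fixed in firmware 3.3
PATCHABLE_FAMILY = "443-1"
EOL_FAMILY = "343-1"         # CP 343-1 family: all versions, no fix (EOL)


def parse_version(text):
    """Turn 'V3.2.9', 'v3.3' or '3.3.0' into a comparable tuple of ints."""
    m = re.fullmatch(r"\s*[Vv]?(\d+(?:\.\d+)*)\s*", text or "")
    return tuple(int(p) for p in m.group(1).split(".")) if m else None


def triage(model, firmware):
    """Return (status, action) for one inventory entry."""
    # Match the family token only, so SIPLUS / Advanced / Lean variants are
    # covered and unrelated models such as 'CP 1543-1' are not.
    m = re.search(r"\bCP\s*(343-1|443-1)\b", model, re.IGNORECASE)
    if not m:
        return ("not-listed", "model is not in this advisory's product table")
    if m.group(1) == EOL_FAMILY:
        return ("eol-no-fix",
                "segment the network and firewall 102/TCP to authorized sources")
    version = parse_version(firmware)
    if version is None:
        # Unreadable firmware string: treat as exposed until confirmed.
        return ("unknown-version", "confirm firmware; restrict 102/TCP meanwhile")
    if version < FIXED_IN:
        return ("update", "schedule firmware 3.3 or later; restrict 102/TCP now")
    return ("fixed", "no action for this advisory")


def report(inventory):
    """Triage every (asset, model, firmware) row; returns (asset, status, action)."""
    return [(asset, *triage(model, fw)) for asset, model, fw in inventory]


# Constructed sample inventory (asset names and firmware values are made up).
INVENTORY = [
    ("pump-station-1", "SIMATIC CP 443-1", "V3.2.9"),
    ("substation-a", "SIPLUS NET CP 443-1 Advanced", "V3.3.1"),
    ("filter-hall", "SIMATIC CP 343-1 Lean", "V3.1"),
    ("booster-2", "SIMATIC CP 443-1", "n/a"),
]

if __name__ == "__main__":
    for asset, status, action in report(INVENTORY):
        print(f"{asset:15} {status:16} {action}")
```
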
CVEs (1)