Siemens SIMATIC Industrial Products (Update A)

Plan PatchCVSS 7.5ICS-CERT ICSA-22-041-01Feb 8, 2022

SiemensManufacturing

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

Three vulnerabilities in Siemens SIMATIC firmware (CWE-672 improper validation, CWE-401 missing release of resources) allow unauthenticated attackers to cause denial of service conditions under certain network conditions. The vulnerabilities affect multiple SIMATIC product families including Drive Controllers, S7-1200, S7-1500, ET 200SP controllers, and TIM 1531 IRC devices. Siemens has released firmware updates for most products; however, SIMATIC ET 200SP CPU 1515SP PC and CPU 1515SP PC2 Ready4Linux (all versions) have no fix available and require network-level protection instead.

What this means

What could happen

An unauthenticated attacker on the network could trigger a denial of service condition that disrupts or halts PLC operations, interrupting production, water treatment, or power distribution processes depending on the device's role.

Who's at risk

Manufacturing plants, municipal utilities, and water treatment facilities using Siemens SIMATIC controllers (S7-1200, S7-1500, Drive Controller, ET 200SP, PLCSIM, and TIM devices) are affected. This includes both hardwired PLCs and software-based controllers used in critical process automation and safety systems.

How it could be exploited

An attacker with network access to the affected Siemens controller sends specially crafted packets to trigger the vulnerability, causing the device to stop responding or crash. No authentication is required and the attack can be executed remotely if the device is reachable from the attacker's network segment.

Prerequisites

Network access to the affected Siemens controller on ports used for Siemens communication (typically 102 for S7 protocol)
No valid credentials required
Device must be running a vulnerable firmware version

remotely exploitableno authentication requiredlow complexityhigh availability impact (denial of service)affects production and safety-critical operations

Exploitability

Some exploitation risk — EPSS score 2.0%

Affected products (16)

15 with fix1 EOL

ProductAffected VersionsFix Status

SIMATIC ET 200SP Open Controller CPU 1515SP PC2 Ready4LinuxAll versions21.9.4

SIMATIC Drive Controller family≥ V2.9.2<V2.9.42.9.4

SIMATIC Drive Controller family<V2.9.22.9.4

SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)≥ V21.9<V21.9.421.9.4

SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)<V21.921.9.4

Remediation & Mitigation

0/11

Do now

0/1

WORKAROUNDRestrict network access to SIMATIC ET 200SP Open Controller CPU 1515SP PC and CPU 1515SP PC2 Ready4Linux devices that cannot be patched using firewall rules, allowing communication only from authorized engineering workstations and operator interfaces

Schedule — requires maintenance window

0/8

Patching may require device reboot — plan for process interruption

SIMATIC Drive Controller family

HOTFIXUpdate SIMATIC Drive Controller family to v2.9.4 or later

SIMATIC S7-1500 Software Controller

HOTFIXUpdate SIMATIC S7-1500 Software Controller to v21.9.4 or later

SIMATIC S7-PLCSIM Advanced

HOTFIXUpdate SIMATIC S7-PLCSIM Advanced to v4.0 SP1 or later

SIPLUS TIM 1531 IRC

HOTFIXUpdate SIPLUS TIM 1531 IRC to v2.3.6 or later

TIM 1531 IRC

HOTFIXUpdate TIM 1531 IRC to v2.3.6 or later

All products

HOTFIXUpdate SIMATIC ET 200SP Open Controller CPU 1515SP PC2 to v21.9.4 or later

HOTFIXUpdate SIMATIC S7-1200 CPU family to v4.5.2 or later

HOTFIXUpdate SIMATIC S7-1500 CPU family to v2.9.4 or later

Mitigations - no patch available

0/2

SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:

HARDENINGIsolate control system networks from the business network and prevent direct Internet access to all affected Siemens devices

HARDENINGDeploy Siemens-recommended industrial security practices including appropriate authentication mechanisms and network segmentation as documented in Siemens operational guidelines

CVEs (3)

CVE-2021-37185 CVE-2021-37204 CVE-2021-37205

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/f40f20f9-2388-4b38-a5a2-8ffebcca802c

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.