Siemens SINEC INS

Act Now9.8ICS-CERT ICSA-22-069-09Mar 8, 2022

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

SINEC INS contains 71 vulnerabilities in third-party open-source components including Node.js, cURL, SQLite, CivetWeb, and ISC BIND. These vulnerabilities could allow unauthenticated remote attackers to compromise the system through various attack vectors, including memory corruption, input validation failures, path traversal, SSL/TLS issues, and insufficient access controls. The vulnerabilities affect configuration, data integrity, and system availability.

What this means

What could happen

An attacker with network access to SINEC INS could exploit one of 71 vulnerabilities in third-party libraries to gain remote code execution, allowing them to read sensitive data, modify critical network settings, or disrupt the integrity and availability of the industrial network management system.

Who's at risk

Operators of Siemens SINEC INS (Industrial Network Services) installations should prioritize this—SINEC INS is typically used to manage and monitor industrial control networks, Ethernet switches, and remote I/O devices in water utilities, electric substations, and manufacturing facilities. Any organization relying on SINEC INS for network management and visibility is at risk.

How it could be exploited

An attacker could send specially crafted network requests to SINEC INS exploiting vulnerabilities in Node.js, cURL, SQLite, CivetWeb, or ISC BIND components. This could lead to remote code execution without requiring authentication, allowing the attacker to execute arbitrary commands on the system and compromise the network infrastructure it manages.

Prerequisites

Network access to SINEC INS (port and protocol dependent on specific vulnerability)
No authentication required for exploitation of most vulnerabilities

Remotely exploitableNo authentication requiredLow complexity attackHigh EPSS score (89.4%)Actively exploited in the wild is not confirmed but E:P indicates potential exploitationAffects network management system central to OT infrastructurePatch available but requires version upgrade

Exploitability

High exploit probability (EPSS 89.4%)

Affected products (1)

ProductAffected VersionsFix Status

SINEC INS<V1.0.1.11.0.1.1

Remediation & Mitigation

0/4

Do now

0/2

HOTFIXUpdate SINEC INS to version 1.0.1.1 or later

HARDENINGRestrict network access to SINEC INS using firewalls; do not expose to the Internet

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HARDENINGIf remote access to SINEC INS is required, use a VPN or other secure tunnel and keep it updated

Long-term hardening

0/1

HARDENINGIsolate SINEC INS and dependent control system networks from business networks using network segmentation

CVEs (71)

CVE-2019-19242 CVE-2019-19244 CVE-2019-19317 CVE-2019-19603 CVE-2019-19645 CVE-2019-19646 CVE-2019-19880 CVE-2019-19923 CVE-2019-19924 CVE-2019-19925 CVE-2019-19926 CVE-2020-1971 CVE-2020-7774 CVE-2020-8169 CVE-2020-8177 CVE-2020-8231 CVE-2020-8265 CVE-2020-8284 CVE-2020-8285 CVE-2020-8286 CVE-2020-8287 CVE-2020-8625 CVE-2020-9327 CVE-2020-11655 CVE-2020-11656 CVE-2020-13630 CVE-2020-13631 CVE-2020-13632 CVE-2020-13871 CVE-2020-15358 CVE-2020-27304 CVE-2021-3449 CVE-2021-3450 CVE-2021-3672 CVE-2021-3711 CVE-2021-3712 CVE-2021-22876 CVE-2021-22883 CVE-2021-22884 CVE-2021-22890 CVE-2021-22897 CVE-2021-22898 CVE-2021-22901 CVE-2021-22918 CVE-2021-22921 CVE-2021-22922 CVE-2021-22923 CVE-2021-22924 CVE-2021-22925 CVE-2021-22926 CVE-2021-22930 CVE-2021-22931 CVE-2021-22939 CVE-2021-22940 CVE-2021-22945 CVE-2021-22946 CVE-2021-22947 CVE-2021-23362 CVE-2021-23840 CVE-2021-25214 CVE-2021-25215 CVE-2021-25216 CVE-2021-25219 CVE-2021-27290 CVE-2021-32803 CVE-2021-32804 CVE-2021-37701 CVE-2021-37712 CVE-2021-37713 CVE-2021-39134 CVE-2021-39135

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/e34da3a7-7f7c-4383-83ab-b2fb5f0e205c