Siemens SINUMERIK MC

Plan Patch7.8ICS-CERT ICSA-22-069-11Mar 8, 2022

Attack VectorLocal

Auth RequiredLow

ComplexityLow

User InteractionNone needed

Summary

The NC plug-in card in SINUMERIK MC and SINUMERIK ONE contains a privilege escalation vulnerability that allows local attackers with a user account to escalate privileges to root level. Once root access is obtained, an attacker can read, modify, or delete G-code programs and gain full control of the CNC machine. The vulnerability requires local user account access and is not remotely exploitable. Siemens has released fixed versions: SINUMERIK MC v1.15 SP1 or later, and SINUMERIK ONE v6.15 SP1 or later.

What this means

What could happen

An attacker with local access to a SINUMERIK MC or ONE device could gain root-level control, allowing them to read, modify, or delete G-code programs that control machine operations and alter the behavior of the CNC machine.

Who's at risk

Manufacturing and machining operations that use Siemens SINUMERIK MC or SINUMERIK ONE CNC (computer numerical control) machines and machine tool controllers. This affects shops and facilities that rely on these devices for precision metalworking, tool operations, and automated manufacturing processes.

How it could be exploited

An attacker with a local user account on the affected device can escalate privileges to root through the NC plug-in card. Once root access is gained, the attacker has full control over the device, including the ability to access and modify G-code that controls machine tool operations.

Prerequisites

Local user account on the affected SINUMERIK device
Physical or network access to the device command line or terminal interface
Running a vulnerable version of SINUMERIK MC (before v1.15 SP1) or SINUMERIK ONE (before v6.15 SP1)

Privilege escalation vulnerabilityAffects control of machine tool operationsRequires local access only (not remotely exploitable)Low attack complexity

Exploitability

Low exploit probability (EPSS 0.0%)

Affected products (2)

2 with fix

ProductAffected VersionsFix Status

SINUMERIK MC<V1.15 SP11.15 SP1

SINUMERIK ONE<V6.15 SP16.15 SP1

Remediation & Mitigation

0/5

Do now

0/2

HARDENINGRestrict local user account access to SINUMERIK devices through access controls and authentication mechanisms

HARDENINGLimit physical and network access to SINUMERIK device command line and terminal interfaces to authorized personnel only

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

SINUMERIK MC

HOTFIXUpdate SINUMERIK MC to version 1.15 SP1 or later

SINUMERIK ONE

HOTFIXUpdate SINUMERIK ONE to version 6.15 SP1 or later

Long-term hardening

0/1

HARDENINGImplement network segmentation to isolate SINUMERIK devices from general IT networks and untrusted network segments

CVEs (1)

CVE-2022-24408

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/01c1ce32-4a07-4e02-975b-086d0a6de84c