Siemens PROFINET Stack Integrated on Interniche Stack
Monitor · 5.3 · ICS-CERT ICSA-22-104-06 · Apr 12, 2022
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
The PROFINET (PNIO) stack, when integrated with the Interniche IP stack, contains a denial-of-service vulnerability (CWE-400: Uncontrolled Resource Consumption) in various Siemens industrial automation controllers and I/O modules. An attacker with network access to port 102/TCP could send specially crafted packets to crash or hang affected devices, disrupting operations until the device is restarted.
What this means
What could happen
An attacker could crash a PROFINET-enabled PLC or I/O module by sending malformed network traffic, causing the device to stop responding and halting any automated processes it controls until manually restarted. This affects manufacturing lines, pump stations, motor drives, and other critical control logic.
Who's at risk
Manufacturing and transportation sectors using Siemens S7-300, S7-400, and S7-410 PLCs; SIMATIC and SIPLUS ET 200 I/O modules and couplers; SINAMICS motor drives; and SIMATIC TDC temperature controllers. Any facility with PROFINET-networked Siemens automation equipment is potentially affected, including water treatment plants, power distribution systems, and conveyor/production systems.
How it could be exploited
An attacker needs network access to the PROFINET network and port 102/TCP on the target controller. They send a specially crafted packet to trigger uncontrolled resource consumption in the Interniche IP stack, causing the PROFINET device to hang or crash and stop processing commands from the engineering workstation or other controllers.
Prerequisites
- Network access to PROFINET device on port 102/TCP
- Device running affected firmware version with Interniche PROFINET stack
- No authentication required
remotely exploitable · no authentication required · low complexity · affects operational availability · multiple products without fixes available
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (76)
48 with fix · 28 pending
Product | Affected Versions | Fix Status
SIPLUS ET 200SP IM 155-6 PN HF TX RAIL | ≥ V4.2.0 | No fix yet
SIPLUS HCS4200 CIM4210 | All versions | No fix yet
SIPLUS HCS4200 CIM4210C | All versions | No fix yet
SIPLUS HCS4300 CIM4310 | All versions | No fix yet
SIPLUS NET PN/PN Coupler | ≥ 4.2 | No fix yet
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to port 102/TCP on PROFINET devices to trusted engineering workstations and control systems only; configure firewall or switch rules to limit source IP addresses
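One way to verify that the restriction is in effect is to audit flow records for 102/TCP connections that reach PROFINET devices from sources outside the allowlist. The following is an added example, not part of the advisory; the subnets, the workstation address, the record format and the sample records are all constructed assumptions.

```python
import ipaddress
from collections import Counter

ADVISORY_PORT = 102  # TCP port named in the advisory

# Hypothetical site values: the PROFINET device subnet, and the sources
# (device subnet plus one engineering workstation) allowed to reach 102/TCP.
DEVICE_NETS = [ipaddress.ip_network("10.20.0.0/24")]
TRUSTED = DEVICE_NETS + [ipaddress.ip_network("10.10.5.10/32")]

# Constructed flow records: timestamp,src_ip,dst_ip,dst_port,protocol
SAMPLE_FLOWS = """\
2022-04-12T08:00:01Z,10.10.5.10,10.20.0.11,102,tcp
2022-04-12T08:00:07Z,10.20.0.12,10.20.0.11,102,tcp
2022-04-12T08:01:30Z,192.168.50.23,10.20.0.11,102,tcp
2022-04-12T08:01:31Z,192.168.50.23,10.20.0.14,102,tcp
2022-04-12T08:02:00Z,192.168.50.23,10.20.0.11,443,tcp
2022-04-12T08:02:05Z,10.10.5.77,10.30.0.5,102,tcp
not,a,valid,flow,record
"""

def in_any(addr, nets):
    return any(addr in net for net in nets)

def untrusted_port102_flows(text, device_nets=DEVICE_NETS, trusted=TRUSTED):
    """Return (timestamp, src, dst) for 102/TCP flows to devices from non-allowlisted sources."""
    hits = []
    for line in text.splitlines():
        parts = [p.strip() for p in line.split(",")]
        if len(parts) != 5:
            continue  # not in the assumed record format
        ts, src, dst, dport, proto = parts
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            port = int(dport)
        except ValueError:
            continue  # unparsable address or port
        if proto.lower() != "tcp" or port != ADVISORY_PORT:
            continue
        if in_any(dst_ip, device_nets) and not in_any(src_ip, trusted):
            hits.append((ts, src, dst))
    return hits

def offenders(hits):
    """Count violating flows per source address, for firewall/ACL follow-up."""
    return Counter(src for _, src, _ in hits)

if __name__ == "__main__":
    for ts, src, dst in untrusted_port102_flows(SAMPLE_FLOWS):
        print(f"{ts} untrusted source {src} -> {dst}:{ADVISORY_PORT}/tcp")
```

Any hit means a firewall or switch rule is missing or too broad for that source; an empty result over a representative capture window supports that the workaround is enforced.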
Schedule — requires maintenance window
Patching may require device reboot; plan for process interruption
SIMATIC TDC CP51M1
HOTFIX: Update SIMATIC TDC CP51M1 to version 1.1.10 or later
SIMATIC TDC CPU555
HOTFIX: Update SIMATIC TDC CPU555 to version 1.2.1 or later
SINAMICS DCM
HOTFIX: Update SINAMICS DCM to version 1.5 SP1 or later with Ethernet interface
SINAMICS G110M
HOTFIX: Update SINAMICS G110M to version 4.7.14 or later
SINAMICS G115D
HOTFIX: Update SINAMICS G115D to version 4.7.14 or later
SINAMICS G130
HOTFIX: Update SINAMICS G130 to version 5.2.3.13 or later
SINAMICS G150
HOTFIX: Update SINAMICS G150 to version 5.2.3.13 or later
SINAMICS S150
HOTFIX: Update SINAMICS S150 to version 5.2.3.13 or later
SINAMICS S210 (6SL5...)
HOTFIX: Update SINAMICS S210 (6SL5...) to version 5.2 SP3 HF18 or later
SINAMICS V90
HOTFIX: Update SINAMICS V90 to version 1.04.04 or later
SIMATIC CFU DIQ
HOTFIX: Update SIMATIC CFU DIQ to version 2.0.0 or later
SIMATIC CFU PA
HOTFIX: Update SIMATIC CFU PA to version 2.0.0 or later
All products
HOTFIX: Update affected S7-300 CPUs (315-2, 315F-2, 315T-3, 317-2, 317F-2, 317T-3, 317TF-3, 319-3, 319F-3) to firmware version 3.2.19 or later
HOTFIX: Update affected S7-300 CPU 314C-2 PN/DP to firmware version 3.3.19 or later
HOTFIX: Update affected ET 200pro and ET 200S I/O modules to firmware version 3.2.19 or later
HOTFIX: Update S7-400 H V6 CPU family to version 6.0.10 or later
HOTFIX: Update S7-410 V8 CPU family to version 8.2.3 or later
HOTFIX: Update S7-410 V10 CPU family to version 10.1.1 or later
HOTFIX: Update S7-1500 CPU family to version 2.0.0 or later
HOTFIX: Update SINAMICS G120 to version 4.7 SP14 or later with Ethernet interface
HOTFIX: Update SINAMICS S120 to version 5.2 SP3 HF13 or later
HOTFIX: Update SIMATIC ET200ecoPN modules to version 5.1.2 or later (5.1.3 for DIQ 16x24VDC/2A variant)
HOTFIX: Update SIPLUS S7-300 CPUs (315-2, 315F-2, 317-2, 317F-2 variants) to version 3.2.19 or later
HOTFIX: Update SIPLUS ET 200S I/O modules to version 3.2.19 or later
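To turn the remediation list into a patch plan, an asset inventory can be compared against the fixed versions, with "No fix yet" products routed to mitigation instead. This is an added example, not part of the advisory: it covers only a subset of the listed products, the inventory rows are constructed, and the ordering of SP and HF suffixes is an assumption about the version notation. It does not check whether an installed version falls inside the affected range.

```python
import re

# Minimum fixed versions copied from the remediation list on this page (subset).
FIXED = {
    "SIMATIC TDC CP51M1": "1.1.10",
    "SIMATIC TDC CPU555": "1.2.1",
    "SINAMICS G130": "5.2.3.13",
    "SINAMICS S120": "5.2 SP3 HF13",
    "SINAMICS S210 (6SL5...)": "5.2 SP3 HF18",
    "SINAMICS V90": "1.04.04",
}
# Products the page lists as "All versions" affected with "No fix yet".
NO_FIX = {"SIPLUS HCS4200 CIM4210", "SIPLUS HCS4200 CIM4210C", "SIPLUS HCS4300 CIM4310"}

VERSION_RE = re.compile(r"V?\s*(\d+(?:\.\d+)*)(?:\s+SP(\d+))?(?:\s+HF(\d+))?", re.I)

def parse_version(text):
    """Parse '5.2 SP3 HF18' into ((5, 2), 3, 18)."""
    # Assumption: versions order by dotted number, then service pack, then hotfix.
    m = VERSION_RE.fullmatch(text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    nums = [int(n) for n in m.group(1).split(".")]
    while len(nums) > 1 and nums[-1] == 0:
        nums.pop()  # treat 2.0 and 2.0.0 as equal
    return tuple(nums), int(m.group(2) or 0), int(m.group(3) or 0)

def triage(product, installed):
    """Return PATCHED, UPDATE, MITIGATE (no fix listed) or UNKNOWN."""
    if product in NO_FIX:
        return "MITIGATE"  # rely on the 102/TCP restriction and segmentation
    if product not in FIXED:
        return "UNKNOWN"
    try:
        patched = parse_version(installed) >= parse_version(FIXED[product])
    except ValueError:
        return "UNKNOWN"
    return "PATCHED" if patched else "UPDATE"

# Constructed inventory rows: (asset tag, product, installed firmware)
INVENTORY = [
    ("drv-01", "SINAMICS S210 (6SL5...)", "5.2 SP3 HF9"),
    ("drv-02", "SINAMICS V90", "V1.04.04"),
    ("hcs-01", "SIPLUS HCS4200 CIM4210", "1.0"),
]

def triage_inventory(rows=INVENTORY):
    return {tag: triage(product, fw) for tag, product, fw in rows}
```

Parsing the hotfix number as an integer matters here: a plain string comparison would rank "HF9" above "HF18" and wrongly report drv-01 as patched.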
Long-term hardening
HARDENING: Implement network segmentation to isolate PROFINET control networks from general-purpose IT networks and untrusted external networks
HARDENING: Apply Siemens operational guidelines for industrial security and configure environment according to product manuals and defense-in-depth recommendations
CVEs (1)