OTPulse

Siemens TIA Administrator

Plan PatchCVSS 7.5ICS-CERT ICSA-22-104-16Apr 12, 2022
Siemens
Attack path
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary

A denial of service vulnerability exists in TIA Administrator that allows an unauthenticated attacker on the network to disrupt the administration service. The vulnerability occurs during product installation across SIMATIC PCS neo Administration Console (versions before 3.1 SP1), SINETPLAN (all versions), and TIA Portal (versions 15, 15.1, 16, and 17). An attacker can flood port 8888/TCP with requests to exhaust resources and prevent legitimate engineering access. TIA Administrator is a critical component used to configure, deploy, and manage SIMATIC automation devices including PLCs.

What this means
What could happen
An unauthenticated attacker on the network could overwhelm TIA Administrator with requests, causing it to stop responding and interrupting engineering work on SIMATIC systems. TIA Administrator is critical for configuring and managing PLCs and other automation devices.
Who's at risk
This affects organizations using Siemens TIA Portal (versions 15 through 17), SINETPLAN, or SIMATIC PCS neo Administration Console for engineering and management of programmable logic controllers (PLCs) and automation systems. Any plant with a networked engineering workstation running these tools could be impacted.
How it could be exploited
An attacker with network access to port 8888/TCP on a device running TIA Administrator can send a flood of requests to exhaust system resources and trigger a denial of service condition. No credentials or special complexity required.
Prerequisites
  • Network access to port 8888/TCP on the TIA Administrator host
  • TIA Administrator exposed to attacker network (not restricted to localhost)
remotely exploitableno authentication requiredlow complexityaffects engineering environmentdefault port exposed
Exploitability
Unlikely to be exploited — EPSS score 0.2%
Affected products (3)
2 with fix1 pending
ProductAffected VersionsFix Status
SIMATIC PCS neo (Administration Console)<V3.1 SP13.1 SP1
TIA Portal15|15.1|16|17No fix yet
SINETPLANAll versions1.0 SP7
Remediation & Mitigation
0/5
Do now
0/1
WORKAROUNDRestrict network access to port 8888/TCP to localhost only (127.0.0.1)
Schedule — requires maintenance window
0/2

Patching may require device reboot — plan for process interruption

SIMATIC PCS neo (Administration Console)
HOTFIXUpdate SIMATIC PCS neo Administration Console to version 3.1 SP1 or later
TIA Portal
HOTFIXUpdate TIA Administrator to version 1.0 SP7 or later for SINETPLAN and TIA Portal versions 15, 15.1, 16, and 17
Long-term hardening
0/2
HARDENINGPlace TIA Administrator hosts behind a firewall and isolate from business network
HARDENINGEnsure TIA Administrator is not accessible from the Internet
View full CISA ICS-CERT advisory
API: /api/v1/advisories/71925531-9f68-40a1-8e7b-f5c747cc1240

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.

Siemens TIA Administrator | CVSS 7.5 - OTPulse