OTPulse

Siemens SIMATIC CP 44x-1 RNA

Plan Patch · 7.4 · ICS-CERT ICSA-22-132-11 · May 10, 2022
Attack Vector: Adjacent
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

A denial of service vulnerability exists in Siemens SIMATIC CP 44x-1 RNA communication processor modules (CP 442-1 RNA and CP 443-1 RNA) prior to firmware version 1.5.18. An attacker with network access to the device could trigger a condition that causes the module to stop responding, disrupting industrial processes that depend on this communication gateway.

What this means
What could happen
An attacker could cause the communication processor module to become unresponsive, disrupting network connectivity and data flow between your SIMATIC control system and industrial devices until the module is manually reset or rebooted.
Who's at risk
Any water authority or utility operating Siemens SIMATIC S7-1200, S7-1500, or S7-400 automation systems using CP 442-1 RNA or CP 443-1 RNA communication processor modules for Ethernet/industrial protocol conversion and data routing between control networks.
How it could be exploited
An attacker with network access to the communication processor module could send specially crafted network traffic to trigger a resource exhaustion condition (CWE-400), causing the module to stop processing legitimate communications and become unavailable.
Prerequisites
  • Network access to the SIMATIC CP 44x-1 RNA module on port 502 (Modbus) or other industrial protocols
  • No credentials or authentication required
remotely exploitable · no authentication required · low complexity · affects industrial communication infrastructure · actively used in production environments
Exploitability
Low exploit probability (EPSS 0.3%)
Affected products (2)
2 with fix
Product | Affected Versions | Fix Status
SIMATIC CP 442-1 RNA | <V1.5.18 | 1.5.18
SIMATIC CP 443-1 RNA | <V1.5.18 | 1.5.18
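
To find which installed modules still need the 1.5.18 update, the affected-products table can be applied to an asset inventory. The script below is an added example, not code from OTPulse or Siemens; the CSV layout, asset names and status labels are assumptions, and the sample inventory is constructed.

```python
import csv
import io
import re

# Fixed firmware version per affected product, taken from the advisory table.
FIXED = {
    "SIMATIC CP 442-1 RNA": (1, 5, 18),
    "SIMATIC CP 443-1 RNA": (1, 5, 18),
}

# Constructed sample inventory (hypothetical asset names and CSV layout).
SAMPLE_INVENTORY = """asset,product,firmware
wtp-cp-01,SIMATIC CP 443-1 RNA,V1.5.17
wtp-cp-02,SIMATIC CP 443-1 RNA,V1.5.18
ps-cp-07,SIMATIC CP 442-1 RNA,1.4.2
ps-cp-08,simatic cp 442-1  rna,unknown
res-cp-03,SIMATIC CP 443-1 Advanced,V3.2.9
"""

_VERSION_RE = re.compile(r"^[Vv]?\s*(\d+)\.(\d+)\.(\d+)$")


def parse_version(text):
    """Return (major, minor, patch), or None when the string is not a version."""
    match = _VERSION_RE.match(text.strip())
    return tuple(int(part) for part in match.groups()) if match else None


def triage(inventory_csv):
    """Map each asset to 'vulnerable', 'fixed', 'unverified' or 'not-listed'."""
    lookup = {name.lower(): fixed for name, fixed in FIXED.items()}
    results = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        # Normalise case and repeated spaces before matching the product name.
        fixed = lookup.get(" ".join(row["product"].split()).lower())
        if fixed is None:
            results[row["asset"]] = "not-listed"  # product not in this advisory
            continue
        version = parse_version(row["firmware"])
        if version is None:
            # Unknown firmware on an affected product must not pass silently.
            results[row["asset"]] = "unverified"
        else:
            results[row["asset"]] = "vulnerable" if version < fixed else "fixed"
    return results


if __name__ == "__main__":
    for asset, status in triage(SAMPLE_INVENTORY).items():
        print(f"{asset}: {status}")
```

Versions are compared as integer tuples, so a release such as 1.10.0 is correctly treated as newer than 1.5.18, which a plain string comparison would get wrong.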
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to communication processor modules using firewall rules; deny external access and limit to only authorized engineering/operations systems
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

SIMATIC CP 442-1 RNA
HOTFIX: Update SIMATIC CP 442-1 RNA firmware to version 1.5.18 or later
SIMATIC CP 443-1 RNA
HOTFIX: Update SIMATIC CP 443-1 RNA firmware to version 1.5.18 or later
Long-term hardening
HARDENING: Segment industrial control networks from business networks and the Internet using firewalls and air-gapping where possible
HARDENING: If remote access to the communication processor is required, use a VPN with strong authentication and keep VPN software updated