OTPulse

Siemens OpenSSL Affected Industrial Products

Plan Patch | CVSS 7.5 | ICS-CERT ICSA-22-167-14 | Jun 14, 2022
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

A vulnerability in the OpenSSL component (CVE-2022-0778) allows an attacker to create a denial of service condition by providing specially crafted elliptic curve certificates to products using a vulnerable version of OpenSSL. This affects a wide range of Siemens industrial networking, control, and connectivity products including SCALANCE switches and routers, RUGGEDCOM industrial routers, SIMATIC S7-1200/1500 CPUs and communication modules, Industrial Edge connectors, HMI panels, and engineering software. Many products across manufacturing and transportation sectors are affected. Some products are end-of-life with no fix planned; others have firmware updates available from Siemens.

What this means
What could happen
An attacker who provides a specially crafted elliptic curve certificate to a vulnerable Siemens device can cause it to become unresponsive, denying access to the device and potentially disrupting process control, data communication, or management functions. Devices affected include industrial switches, routers, PLCs, and HMI systems across water, electric, and manufacturing operations.
Who's at risk
This vulnerability affects operators and maintainers of Siemens industrial automation systems across manufacturing, transportation, utilities, and process industries. Specifically impacted are:
  • Industrial switches and routers (SCALANCE X, M, W, XR, XM, XC, XB, XF, XP series; RUGGEDCOM RM, ROX, RX series) that manage plant network traffic
  • Programmable logic controllers (SIMATIC S7-1200, S7-1500 families, ET 200SP, ET 200pro) that control industrial processes
  • Communication modules and network cards (CP series) used for remote access and data transfer
  • HMI and engineering workstations (TIA Portal, WinCC, SIMOTION, SINAMICS software) used to configure and monitor systems
  • Specialized connectors (Industrial Edge OPC UA Connector, SIMATIC Cloud Connect) for connectivity and data integration
All sectors relying on Siemens automation are at risk, particularly water authorities and electric utilities that depend on these devices for supervisory control and process monitoring.
How it could be exploited
An attacker could send a malicious certificate to a Siemens device over the network (via TLS/SSL connection or OPC UA protocol). The vulnerable OpenSSL library processes the crafted elliptic curve parameters and enters an infinite loop, consuming CPU resources and causing the device to become unresponsive. No authentication is required for this attack.
Prerequisites
  • Network connectivity to the affected device on its management or operational port (typically port 443 for HTTPS, port 4840 for OPC UA, or port 102 for S7 communication)
  • The device must be running a vulnerable version of OpenSSL
Risk factors
  • Remotely exploitable without authentication required
  • No patch available for many products (end-of-life SCALANCE and OpenPCS 7 models)
  • Affects critical control systems (PLCs, switches, HMI)
  • Low-complexity attack vector
  • Denial of service impact on industrial operations
Exploitability
Moderate exploit probability (EPSS 8.3%)
Affected products (442)
343 with fix, 99 pending
Product | Affected Versions | Fix Status
Industrial Edge - OPC UA Connector | <V1.7 | 1.7
Industrial Edge - SIMATIC S7 Connector App | <V1.7 | 1.7
OpenPCS 7 V8.2 | All versions | No fix yet
OpenPCS 7 V9.0 | All versions | No fix yet
OpenPCS 7 V9.1 | All versions | No fix yet
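An added example (not part of the advisory and not Siemens tooling): a Python triage that checks an asset inventory against the product rows listed above. Only the product names and the 1.7 fix version come from this page; the hostnames, installed versions and the PATCH/ISOLATE/OK/REVIEW labels are constructed for illustration.

```python
import re

# Rows from the advisory's product table: product -> fixed version.
# None means "All versions" affected with "No fix yet".
ADVISORY = {
    "Industrial Edge - OPC UA Connector": "1.7",
    "Industrial Edge - SIMATIC S7 Connector App": "1.7",
    "OpenPCS 7 V8.2": None,
    "OpenPCS 7 V9.0": None,
    "OpenPCS 7 V9.1": None,
}

def parse_version(text):
    """Turn 'V1.6.2', 'v1.7' or '1.7' into a comparable tuple of ints."""
    m = re.fullmatch(r"\s*[Vv]?(\d+(?:\.\d+)*)\s*", text)
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))

def is_older(installed, fixed):
    """Numeric compare, zero-padded so 1.7 == 1.7.0 and 1.10 > 1.7."""
    a, b = parse_version(installed), parse_version(fixed)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a < b

def triage(asset):
    """Return PATCH, ISOLATE, OK or REVIEW for one inventory record."""
    if asset["product"] not in ADVISORY:
        return "REVIEW"    # not in the rows above: check the full advisory
    fixed = ADVISORY[asset["product"]]
    if fixed is None:
        return "ISOLATE"   # no fix yet: rely on firewalling and segmentation
    try:
        return "PATCH" if is_older(asset["version"], fixed) else "OK"
    except ValueError:
        return "REVIEW"    # version string could not be verified

# Constructed sample inventory (hosts and installed versions are made up).
INVENTORY = [
    {"host": "edge-01", "product": "Industrial Edge - OPC UA Connector", "version": "V1.6.2"},
    {"host": "edge-02", "product": "Industrial Edge - SIMATIC S7 Connector App", "version": "1.10"},
    {"host": "pcs-01", "product": "OpenPCS 7 V9.0", "version": "V9.0 SP3"},
    {"host": "edge-03", "product": "Industrial Edge - OPC UA Connector", "version": "unknown"},
]

if __name__ == "__main__":
    for asset in INVENTORY:
        print(asset["host"], triage(asset))
```

Comparing versions as integer tuples avoids the string-comparison trap where "1.10" sorts below "1.7" and a patched device is reported as vulnerable.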
Remediation & Mitigation
Do now
WORKAROUND: For products where no fix is available, disable TLS/SSL certificate validation mechanisms if operationally feasible, or restrict TLS/SSL traffic to trusted certificate sources only
HARDENING: Restrict network access to affected devices using firewall rules; allow only trusted management IPs to connect to management ports (443, 4840, 102)
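An added example (not from the advisory): a Python audit that reads flow records and reports any TCP connection to ports 443, 4840 or 102 on an affected device from a source outside the management allowlist, which is a way to verify that the firewall rule above holds. The subnets, the four-field log format and the sample records are constructed assumptions.

```python
import ipaddress

# Management ports named in the advisory (all TCP).
MGMT_PORTS = {443: "HTTPS", 4840: "OPC UA", 102: "S7"}

# Constructed assumptions: trusted management stations and affected devices.
TRUSTED_MGMT = [ipaddress.ip_network("10.10.50.0/28")]
AFFECTED_DEVICES = [ipaddress.ip_network("10.20.0.0/24")]

def in_any(addr, networks):
    ip = ipaddress.ip_address(addr)   # raises ValueError on a bad address
    return any(ip in net for net in networks)

def audit(lines):
    """Return (line_no, label, detail) for flows that violate the allowlist."""
    findings = []
    for n, raw in enumerate(lines, 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            src, dst, port, proto = line.split()
            port = int(port)
            hit = (proto.lower() == "tcp" and port in MGMT_PORTS
                   and in_any(dst, AFFECTED_DEVICES)
                   and not in_any(src, TRUSTED_MGMT))
        except ValueError:
            findings.append((n, "unparseable", line))   # never drop silently
            continue
        if hit:
            findings.append((n, MGMT_PORTS[port], f"{src} -> {dst}:{port}"))
    return findings

# Constructed flow records: src_ip dst_ip dst_port proto
SAMPLE_FLOWS = """\
# src dst dport proto
10.10.50.5 10.20.0.11 443 tcp
192.168.7.40 10.20.0.11 4840 tcp
10.30.1.9 10.20.0.12 102 tcp
10.30.1.9 10.20.0.12 123 udp
10.30.1.9 10.99.0.1 443 tcp
garbage line
""".splitlines()

if __name__ == "__main__":
    for finding in audit(SAMPLE_FLOWS):
        print(finding)
```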
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

SCALANCE M876-4 (NAM)
HOTFIX: Update SIMATIC engineering and HMI software (TIA Portal V15/V16/V17, WinCC, SIMOTION SCOUT TIA, SINAMICS software) to fixed versions where available
All products
HOTFIX: Update all SCALANCE switches, routers, and wireless devices to the specified fixed firmware versions (e.g., 4.1.7, 4.4, 5.5.2, 6.5, 7.2, 8.7.1.11 depending on model)
HOTFIX: Update RUGGEDCOM industrial routers (RM1224, ROX series, RX series) to fixed versions 2.15.1 or 7.2
HOTFIX: Update SIMATIC S7-1200 and S7-1500 CPUs to fixed firmware versions (4.6.0 for S7-1200; 2.9.7 or 3.0.1 for S7-1500 depending on model)
HOTFIX: Update SIMATIC communication modules (CP 1242, CP 1243, CP 1543, CP 1545, CP 443, etc.) to fixed firmware versions (3.4.29, 3.0.37, 2.2.28, 3.3 depending on model)
HOTFIX: Update Industrial Edge OPC UA Connector and SIMATIC S7 Connector App to version 1.7 or later
Long-term hardening
HARDENING: For OpenPCS 7 all versions and end-of-life products with no fix planned, implement network segmentation to restrict access to affected devices from untrusted networks
Siemens OpenSSL Affected Industrial Products | CVSS 7.5 - OTPulse