OTPulse
FeedAboutContact

Siemens SIMATIC eaSie Core Package

Act Now10ICS-CERT ICSA-22-195-15Jul 12, 2022
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary

SIMATIC eaSie Core Package contains multiple vulnerabilities in its message passing framework that allow an unauthenticated attacker to send arbitrary messages or crash the application. An attacker with network access can inject malicious messages into the framework without credentials, potentially manipulating application behavior or causing denial of service. Siemens has released version 22.00 which addresses these issues.

What this means
What could happen
An attacker could inject arbitrary messages into SIMATIC eaSie's message passing system, allowing them to manipulate application behavior or crash the engineering environment. This could disrupt engineering workflows, configuration management, and potentially affect connected control systems during updates or maintenance operations.
Who's at risk
Organizations using SIMATIC eaSie for engineering, configuration, and management of Siemens industrial control systems should care. This includes utilities, water authorities, and manufacturing facilities that depend on eaSie for PLC programming, HMI design, and system configuration. Particularly affects facilities that expose eaSie workstations to networked environments or allow remote engineering access.
How it could be exploited
An attacker with network access to the SIMATIC eaSie Core Package could send malicious messages directly to the underlying message passing framework. Because authentication is not required and complexity is low, the attacker can inject commands to either alter application state or trigger a denial of service by crashing the eaSie process.
Prerequisites
  • Network access to the SIMATIC eaSie Core Package instance
  • No credentials required
  • Network communication capability to message passing framework port
remotely exploitableno authentication requiredlow complexityaffects engineering environment for critical control systemshigh CVSS score (10.0)
Exploitability
Low exploit probability (EPSS 0.5%)
Affected products (1)
ProductAffected VersionsFix Status
SIMATIC eaSie Core Package<V22.0022.00
Remediation & Mitigation
0/3
Do now
0/2
HARDENINGRestrict network access to SIMATIC eaSie systems using firewall rules; ensure the device is not accessible from the Internet
HARDENINGIsolate SIMATIC eaSie engineering systems and control system networks behind firewalls, separate from business networks
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate SIMATIC eaSie Core Package to version 22.00 or later
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/b3bdc436-96b0-4418-a01f-7014051fd6a3
Siemens SIMATIC eaSie Core Package | CVSS 10 - OTPulse