Siemens SINUMERIK ONE and SINUMERIK MC
Plan Patch | 9.3 | ICS-CERT ICSA-22-314-04 | Nov 8, 2022
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
SINUMERIK ONE and SINUMERIK MC products contain a weak key protection vulnerability in the integrated S7-1500 CPU that could allow an attacker with local or physical access to extract cryptographic keys protecting communication between the S7-1500 CPU and the HMI. The vulnerability is documented in detail in Siemens security advisory SSA-568427.
What this means
What could happen
An attacker with local access to the SINUMERIK controller or memory card could extract cryptographic keys used to protect communication between the S7-1500 CPU and the HMI, potentially allowing them to impersonate legitimate controllers or alter machine control commands without being detected.
Who's at risk
Manufacturing facilities using Siemens SINUMERIK CNC machine controllers (SINUMERIK MC and SINUMERIK ONE) should be concerned. This affects machine tool control systems that depend on secure HMI-to-controller communication for safe and authorized operation.
How it could be exploited
An attacker must physically access the SINUMERIK NCU (control unit) or its memory cards, or gain local access to the integrated S7-1500 CPU hardware. Once local access is obtained, they can exploit weak key protection mechanisms to extract cryptographic keys that secure HMI-to-controller communication. These keys could then be used to forge or intercept control commands.
Prerequisites
- Physical or local access to the SINUMERIK controller hardware or memory cards
- Knowledge of the weak key protection mechanism in the S7-1500 CPU
- Access to extract or read protected memory regions
Tags:
- weak cryptographic key protection
- affects machine control systems
- requires physical or local access to exploit
- key protection documented in related advisory SSA-568427
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (2)
2 with fix
Product | Affected Versions | Fix Status
SINUMERIK MC | <V6.21 | 6.21
SINUMERIK ONE | <V6.21 | 6.21
Remediation & Mitigation
Do now
- WORKAROUND: Restrict network access to S7-1500 CPU and HMI communication to trusted network segments only; do not expose to the Internet
- HARDENING: Implement physical security controls to prevent unauthorized access to SINUMERIK NCU and memory cards
- HARDENING: Protect TIA Portal project files and SINUMERIK NCU hardware from unauthorized actors through access controls
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
SINUMERIK MC
- HOTFIX: Update SINUMERIK MC to version 6.21 or later
SINUMERIK ONE
- HOTFIX: Update SINUMERIK ONE to version 6.21 or later
Long-term hardening
- HARDENING: Segment industrial control networks from business networks using firewalls
CVEs (1)