Siemens SINEC INS
Act Now | 9.9 | ICS-CERT ICSA-23-017-03 | Jan 10, 2023
Attack Vector: Network
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary
Siemens SINEC INS versions prior to 1.0 SP2 Update 1 contain multiple vulnerabilities that allow an authenticated attacker to read and write arbitrary files on the device and execute arbitrary code. The vulnerabilities include command injection (CWE-78), path traversal (CWE-22), buffer overflow (CWE-787), weak cryptography (CWE-326), and insufficient randomness (CWE-330) in third-party components. DHCP service (CVE-2022-45094) and SFTP service (CVE-2022-45093) are specifically identified as vulnerable.
What this means
What could happen
An attacker with valid user credentials could read or write arbitrary files on the SINEC INS device and execute arbitrary code, potentially disrupting network synchronization, configuration management, or allowing lateral movement into industrial automation systems.
Who's at risk
Network time synchronization and industrial automation infrastructure relying on Siemens SINEC INS for network synchronization services in manufacturing, utilities, and critical infrastructure environments should prioritize this vulnerability.
How it could be exploited
An attacker with valid user credentials gains network access to the SINEC INS device. The attacker exploits file system vulnerabilities (CWE-22, CWE-787) or command injection flaws (CWE-78) to read sensitive files, modify configurations, or execute arbitrary commands, ultimately achieving code execution on the device.
Prerequisites
- Valid user credentials for SINEC INS
- Network access to the affected SINEC INS device (port unspecified, likely 443 or management interface)
- SINEC INS version prior to 1.0 SP2 Update 1
- Remotely exploitable
- Requires valid user credentials
- Low attack complexity
- High EPSS score (89.6%)
- Affects network infrastructure serving industrial automation systems
Exploitability
High exploit probability (EPSS 89.6%)
Affected products (1)
Product | Affected Versions | Fix Status
SINEC INS | <V1.0 SP2 Update 1 | 1.0 SP2 Update 1
Remediation & Mitigation
Do now
- WORKAROUND: Disable the DHCP service on SINEC INS if not required for network operations
- WORKAROUND: Disable the SFTP service on SINEC INS if not required for remote file management
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HOTFIX: Update SINEC INS to version 1.0 SP2 Update 1 or later
Long-term hardening
- HARDENING: Implement network segmentation to isolate SINEC INS from the general IT network and the Internet
- HARDENING: Restrict user access to SINEC INS to the minimum necessary for operations (least-privilege principle)
- HARDENING: Deploy a firewall or access control list to limit network access to SINEC INS management interfaces
CVEs (12)