OTPulse

Siemens SIMATIC CN 4100

Priority: Act Now · Score: 9.9 · ICS-CERT ICSA-23-194-03 · Jul 11, 2023
Attack Vector: Network
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary

SIMATIC CN 4100 is vulnerable to improper access control (CWE-284) and insecure default configurations (CWE-276) that could allow an attacker with network access and low-privilege credentials to escalate privileges and bypass network isolation mechanisms. The device is reachable if it is exposed to the network, and default or weak configurations may be present.

What this means
What could happen
An attacker with network access and valid (low-privilege) credentials could escalate privileges and bypass network isolation controls, potentially gaining administrative access to the device. This could allow unauthorized control of industrial processes or lateral movement into critical infrastructure networks.
Who's at risk
Owners and operators of Siemens SIMATIC CN 4100 industrial computer systems used in manufacturing, utilities, and critical infrastructure facilities. The CN 4100 is commonly used as a human-machine interface (HMI) or control system gateway. Any organization running versions prior to V2.5 should assess if they are affected.
How it could be exploited
An attacker needs network access to the SIMATIC CN 4100 device and valid login credentials (even low-privilege ones). Once authenticated, they abuse the improper access control and insecure defaults to escalate to administrative privileges, then use that access to bypass network isolation and move laterally into the industrial control system network or connected IT systems.
Prerequisites
  • Network access to SIMATIC CN 4100 (port/protocol not specified)
  • Valid user credentials (privilege level not specified)
  • Device configured with default or insecure settings
Tags: remotely exploitable · low complexity · requires valid credentials · affects critical infrastructure gateways · default credentials or insecure configurations likely present
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (1)
Product          | Affected Versions | Fix Status
SIMATIC CN 4100  | < V2.5            | V2.5
Remediation & Mitigation

Do now
  • WORKAROUND: Restrict network access to the SIMATIC CN 4100 using firewall rules; only permit connections from trusted engineering workstations and control system networks
  • HARDENING: Review and change all default credentials and user account privileges on the device

Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

  • HOTFIX: Update SIMATIC CN 4100 to firmware version V2.5 or later

Long-term hardening
  • HARDENING: Segment the device behind a firewall and isolate it from the business network and the Internet