Siemens PNI
Act Now · 9.8 · ICS-CERT ICSA-23-320-12 · Nov 14, 2023
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
SINEC PNI before version 2.0 contains input validation (CWE-20) and buffer overflow (CWE-787) vulnerabilities. An attacker can send a crafted network request that bypasses input validation, causing memory corruption and allowing remote code execution on the PNI device with no authentication required. This affects all SINEC PNI installations running versions earlier than 2.0.
What this means
What could happen
An attacker with network access to SINEC PNI could execute arbitrary code on the device, potentially compromising the ability to manage industrial network traffic and connectivity across your plant.
Who's at risk
Water and electric utilities running Siemens industrial networks should pay attention to this advisory. It affects SINEC PNI appliances used to manage network communication and traffic in distributed control environments, particularly in plants using SIMATIC systems or Siemens networking infrastructure.
How it could be exploited
An attacker sends a crafted network request to SINEC PNI on its network port. The device fails to validate the input properly (CWE-20) and the malformed data overwrites memory (CWE-787), allowing the attacker to run arbitrary commands on the PNI device.
Prerequisites
- Network access to SINEC PNI on its listening port
- No authentication or credentials required
remotely exploitable · no authentication required · low complexity · high EPSS score (92.5%) · affects network communication infrastructure
Exploitability
High exploit probability (EPSS 92.5%)
Affected products (1)
Product | Affected Versions | Fix Status
SINEC PNI | <V2.0 | 2.0
Remediation & Mitigation
Do now
- WORKAROUND: Restrict network access to SINEC PNI using firewall rules; allow only authorized engineering workstations and control system devices to connect
Schedule — requires maintenance window
Patching may require device reboot; plan for process interruption
- HOTFIX: Update SINEC PNI to version 2.0 or later
Long-term hardening
- HARDENING: Place SINEC PNI on a segmented industrial network isolated from business network and internet access
CVEs (13)