OTPulse

Siemens SIMATIC and SIPLUS Products

Plan Patch | CVSS 7.5 | ICS-CERT ICSA-23-348-05 | Dec 12, 2023
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Multiple vulnerabilities in Siemens SIMATIC and SIPLUS products could allow an unauthorized attacker with network access to the webserver to perform a denial of service attack. The vulnerabilities affect SIMATIC PC-Station Plus, SIMATIC S7-400 CPU models 412-2 PN, 414-3 PN/DP, 414F-3 PN/DP, 416-3 PN/DP, and 416F-3 PN/DP (all V7 versions), SIPLUS S7-400 CPU models 414-3 PN/DP and 416-3 PN/DP (all V7 versions), and SINAMICS S120 controllers.

What this means
What could happen
An attacker with network access to the webserver can cause a denial of service, making the PLC or controller unresponsive and interrupting process control until the device is restarted. This could disrupt critical water treatment, pumping, or electrical distribution operations.
Who's at risk
Water authorities and municipal utilities operating Siemens SIMATIC S7-400 controllers (CPU models 412-2 PN, 414-3 PN/DP, 414F-3 PN/DP, 416-3 PN/DP, 416F-3 PN/DP), SINAMICS S120 drives, or SIMATIC PC-Station Plus engineering workstations. The S7-400 and SIPLUS variants are commonly used in SCADA systems, pump stations, treatment plant process control, and electrical substation automation. SINAMICS S120 drives control motors in fans, pumps, and compressors across water and power systems.
How it could be exploited
An attacker connects to the webserver port of an affected PLC or SINAMICS drive from the network and sends a crafted request that triggers a resource exhaustion or infinite loop condition. The device stops responding to legitimate commands and ceases normal operation.
Prerequisites
  • Network access to the webserver port on the affected device
  • No authentication required
Remotely exploitable · No authentication required · Low complexity · Affects operational availability · No patch available for most affected products
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (9)
1 with fix · 1 pending · 7 EOL
Product | Affected Versions | Fix Status
SIMATIC PC-Station Plus | All versions | No fix yet
SINAMICS S120 (incl. SIPLUS variants) | < V5.2 SP3 HF15 | 5.2 SP3 HF15
SIMATIC S7-400 CPU 414-3 PN/DP V7 | All versions | No fix (EOL)
SIMATIC S7-400 CPU 414F-3 PN/DP V7 | All versions | No fix (EOL)
SIMATIC S7-400 CPU 416-3 PN/DP V7 | All versions | No fix (EOL)
SIMATIC S7-400 CPU 416F-3 PN/DP V7 | All versions | No fix (EOL)
SIPLUS S7-400 CPU 414-3 PN/DP V7 | All versions | No fix (EOL)
SIMATIC S7-400 CPU 412-2 PN V7 | All versions | No fix (EOL)
Remediation & Mitigation
Do now
WORKAROUND: Disable the web server on affected systems where not required for operations
WORKAROUND: Restrict network access to the webserver to trusted users and systems only
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update SINAMICS S120 (including SIPLUS variants) to firmware version 5.2 SP3 HF15 or later
Mitigations - no patch available
The following products have reached End of Life with no planned fix: SIMATIC S7-400 CPU 414-3 PN/DP V7, SIMATIC S7-400 CPU 414F-3 PN/DP V7, SIMATIC S7-400 CPU 416-3 PN/DP V7, SIMATIC S7-400 CPU 416F-3 PN/DP V7, SIPLUS S7-400 CPU 414-3 PN/DP V7, SIMATIC S7-400 CPU 412-2 PN V7, SIPLUS S7-400 CPU 416-3 PN/DP V7. Apply the following compensating controls:
HARDENING: Segment control system networks behind firewalls and away from business networks
HARDENING: Use VPN or other secure remote access methods if remote management of devices is required
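
To map an asset inventory onto the fix statuses and actions listed above, the following added example (not part of the advisory or any Siemens tooling) compares SINAMICS S120 firmware against 5.2 SP3 HF15 and routes products without a fix to the workarounds. The inventory fields, the sample assets and the assumed "V<major>.<minor> SP<n> HF<n>" version layout are constructed for illustration.

```python
import re

S120_FIXED = (5, 2, 3, 15)  # 5.2 SP3 HF15, the fixed version in the advisory
NO_FIX = {  # EOL products plus PC-Station Plus ("No fix yet"), as listed above
    "SIMATIC PC-Station Plus",
    "SIMATIC S7-400 CPU 412-2 PN V7",
    "SIMATIC S7-400 CPU 414-3 PN/DP V7",
    "SIMATIC S7-400 CPU 414F-3 PN/DP V7",
    "SIMATIC S7-400 CPU 416-3 PN/DP V7",
    "SIMATIC S7-400 CPU 416F-3 PN/DP V7",
    "SIPLUS S7-400 CPU 414-3 PN/DP V7",
    "SIPLUS S7-400 CPU 416-3 PN/DP V7",
}
# Assumed layout: optional "V", major.minor, optional SPn, optional HFn.
VERSION_RE = re.compile(r"V?(\d+)\.(\d+)(?:\s*SP(\d+))?(?:\s*HF(\d+))?$", re.I)

def parse_version(text):
    """Turn 'V5.2 SP3 HF15' into (5, 2, 3, 15); a missing SP or HF counts as 0."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def triage(product, firmware, web_server_enabled):
    """Return the advisory action for one asset (inventory fields are assumed)."""
    if product.startswith("SINAMICS S120"):
        try:
            patched = parse_version(firmware) >= S120_FIXED
        except ValueError:
            return "verify firmware manually"
        if patched:
            return "not affected"
        return "schedule update to 5.2 SP3 HF15 or later"
    if product in NO_FIX:  # only workarounds and compensating controls apply
        if web_server_enabled:
            return "disable web server or restrict access; segment network"
        return "keep web server disabled; segment network"
    return "not listed in advisory"

# Constructed sample inventory: (product, firmware, web server enabled)
INVENTORY = [
    ("SINAMICS S120", "V5.2 SP3 HF10", True),
    ("SINAMICS S120", "V5.2 SP3 HF15", True),
    ("SIMATIC S7-400 CPU 416-3 PN/DP V7", "V7.0", True),
    ("SIMATIC PC-Station Plus", "V2.1", False),
]

if __name__ == "__main__":
    for product, firmware, web in INVENTORY:
        print(f"{product} [{firmware}]: {triage(product, firmware, web)}")
```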
Siemens SIMATIC and SIPLUS Products | CVSS 7.5 - OTPulse