OTPulse

Siemens OPC UA Implementation in SINUMERIK ONE and SINUMERIK MC

Plan Patch · CVSS 7.5 · ICS-CERT ICSA-23-348-06 · Dec 12, 2023
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

SINUMERIK ONE and SINUMERIK MC products contain a denial of service vulnerability in the OPC UA implementation of the integrated S7-1500 CPU. The vulnerability is caused by an integer overflow (CWE-190) that can be triggered by a specially crafted OPC UA message sent to the device, causing the OPC UA service to crash. As a result, the affected machine tool or controller becomes unresponsive until the service is manually restarted. The S7-1500 CPU is integrated into both SINUMERIK product lines and serves as the primary control processor.

What this means
What could happen
A remote attacker can crash the OPC UA service on the integrated S7-1500 CPU by sending a specially crafted message, causing the machine tool or automation controller to stop responding until the service is manually restarted.
Who's at risk
CNC machine tool operators and manufacturing engineering teams running SINUMERIK ONE or SINUMERIK MC controllers. This affects any shop floor using Siemens SINUMERIK automation equipment for machining operations, particularly those with OPC UA integration for supervisory monitoring or production data collection.
How it could be exploited
An attacker with network access to the OPC UA port (default 4840) on SINUMERIK ONE or SINUMERIK MC can send a malicious OPC UA packet that triggers an integer overflow in the S7-1500 CPU, causing the OPC UA service to crash and become unavailable. No authentication or user interaction is required.
Prerequisites
  • Network access to OPC UA port on the SINUMERIK device (default port 4840)
  • Device must have OPC UA interface exposed to a network the attacker can reach
remotely exploitable · no authentication required · low complexity · affects operational availability · denial of service impact
Exploitability
Low exploit probability (EPSS 0.4%)
Affected products (2)
2 with fix
Product | Affected Versions | Fix Status
SINUMERIK MC | <V1.22 | 1.22
SINUMERIK ONE | <V6.22 | 6.22
Remediation & Mitigation
Do now
SINUMERIK MC
WORKAROUND: Restrict network access to the OPC UA interface on SINUMERIK MC and ONE to only trusted engineering and operations networks using firewall rules or network segmentation
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

SINUMERIK MC
HOTFIX: Update SINUMERIK MC to version 1.22 or later
SINUMERIK ONE
HOTFIX: Update SINUMERIK ONE to version 6.22 or later
Long-term hardening
HARDENING: Implement network segmentation to isolate machine tool control systems from corporate IT networks
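
Added example (not part of the original advisory, and not Siemens or OTPulse tooling): a triage script that applies the fix versions from the table above and the OPC UA access workaround to an asset inventory. The inventory fields, asset names, trusted range and action labels are assumptions constructed for illustration.

```python
import ipaddress
import re

# Fix versions from the advisory's table; anything below them is affected.
FIXED = {"SINUMERIK MC": (1, 22), "SINUMERIK ONE": (6, 22)}

def parse_version(text):
    """Turn 'V6.21', '6.22' or 'V1.21 SP2' into a comparable tuple of ints."""
    match = re.search(r"\d+(?:\.\d+)*", text)
    if not match:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(part) for part in match.group(0).split("."))

def is_affected(product, version):
    fixed = FIXED.get(product)
    if fixed is None:
        return False  # product not listed in this advisory
    found = parse_version(version)
    width = max(len(found), len(fixed))
    pad = lambda v: v + (0,) * (width - len(v))  # so (6,) compares as (6, 0)
    return pad(found) < pad(fixed)

def untrusted_sources(allowed_from, trusted_nets):
    """Sources allowed to reach the OPC UA port that lie outside every trusted net."""
    trusted = [ipaddress.ip_network(n) for n in trusted_nets]
    outside = []
    for src in allowed_from:
        net = ipaddress.ip_network(src, strict=False)
        if not any(net.version == t.version and net.subnet_of(t) for t in trusted):
            outside.append(src)
    return outside

def triage(assets, trusted_nets):
    """Map each asset name to an action mirroring the advisory's remediation tiers."""
    result = {}
    for a in assets:
        affected = is_affected(a["product"], a["version"])
        exposed = untrusted_sources(a["opcua_from"], trusted_nets)
        if affected:
            result[a["name"]] = "restrict-now+patch" if exposed else "schedule-patch"
        else:
            result[a["name"]] = "review-segmentation" if exposed else "ok"
    return result

# Constructed sample inventory: hypothetical names, versions and firewall sources.
TRUSTED = ["10.20.0.0/24"]
ASSETS = [
    {"name": "mill-01", "product": "SINUMERIK ONE", "version": "V6.21", "opcua_from": ["0.0.0.0/0"]},
    {"name": "lathe-02", "product": "SINUMERIK MC", "version": "V1.21 SP2", "opcua_from": ["10.20.0.0/28"]},
    {"name": "mill-03", "product": "SINUMERIK ONE", "version": "6.22", "opcua_from": ["192.168.5.0/24"]},
    {"name": "cell-04", "product": "SINUMERIK MC", "version": "V1.22", "opcua_from": ["10.20.0.7"]},
]
```

Here `opcua_from` stands for the source ranges the firewall currently permits to the device's OPC UA port (default 4840); populate it from your own rule export.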