Siemens OPC UA Implementation in SINUMERIK ONE and SINUMERIK MC

Plan PatchCVSS 7.5ICS-CERT ICSA-23-348-06Dec 12, 2023

Siemens

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

SINUMERIK ONE and SINUMERIK MC products contain a denial of service vulnerability in the OPC UA implementation of the integrated S7-1500 CPU. The vulnerability is caused by an integer overflow (CWE-190) that can be triggered by a specially crafted OPC UA message sent to the device, causing the OPC UA service to crash. This results in the affected machine tool or controller becoming unresponsive until manual service restart. The S7-1500 CPU is integrated into both SINUMERIK product lines and serves as the primary control processor.

What this means

What could happen

A remote attacker can crash the OPC UA service on the integrated S7-1500 CPU by sending a specially crafted message, causing the machine tool or automation controller to stop responding until the service is manually restarted.

Who's at risk

CNC machine tool operators and manufacturing engineering teams running SINUMERIK ONE or SINUMERIK MC controllers. This affects any shop floor using Siemens SINUMERIK automation equipment for machining operations, particularly those with OPC UA integration for supervisory monitoring or production data collection.

How it could be exploited

An attacker with network access to the OPC UA port (default 4840) on SINUMERIK ONE or SINUMERIK MC can send a malicious OPC UA packet that triggers an integer overflow in the S7-1500 CPU, causing the OPC UA service to crash and become unavailable. No authentication or user interaction is required.

Prerequisites

Network access to OPC UA port on the SINUMERIK device (default port 4840)
Device must have OPC UA interface exposed to a network the attacker can reach

remotely exploitableno authentication requiredlow complexityaffects operational availabilitydenial of service impact

Exploitability

Unlikely to be exploited — EPSS score 0.6%

Affected products (2)

2 with fix

ProductAffected VersionsFix Status

SINUMERIK MC<V1.221.22

SINUMERIK ONE<V6.226.22

Remediation & Mitigation

0/4

Do now

0/1

SINUMERIK MC

WORKAROUNDRestrict network access to the OPC UA interface on SINUMERIK MC and ONE to only trusted engineering and operations networks using firewall rules or network segmentation

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

SINUMERIK MC

HOTFIXUpdate SINUMERIK MC to version 1.22 or later

SINUMERIK ONE

HOTFIXUpdate SINUMERIK ONE to version 6.22 or later

Long-term hardening

0/1

HARDENINGImplement network segmentation to isolate machine tool control systems from corporate IT networks

CVEs (1)

CVE-2023-28831

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/265d86b4-913e-4804-afab-3e7181d62a24

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.