OTPulse

Siemens Web Server of Industrial Products

Plan PatchCVSS 7.5ICS-CERT ICSA-23-348-08Dec 12, 2023
SiemensManufacturing
Attack path
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary

A resource exhaustion vulnerability in the webserver component of multiple Siemens industrial communication and drive products allows a remote attacker to cause a denial-of-service condition. An unauthenticated attacker with network access to the webserver can trigger the crash, disrupting remote management and monitoring. Affected products include SIMATIC CP communication processors (models 1242-7 V2, 1243-1, 1243-1 IEC, 1243-7 LTE, 1243-8 IRC, 1543-1) and SINAMICS S210 variable frequency drives. The SIMATIC CP 1243-1 DNP3 variant has no fix available from the vendor.

What this means
What could happen
An attacker could cause a denial-of-service condition on the web server of these industrial communication modules, disrupting remote access and management capabilities for your automation devices. This could prevent operators from monitoring or adjusting process parameters if the webserver is used for device configuration or diagnostics.
Who's at risk
Manufacturing facilities using Siemens SIMATIC CP communication processors (models 1242-7 V2, 1243-1, 1243-7 LTE, 1243-8 IRC, 1543-1) or SINAMICS S210 variable frequency drives should review their deployments. These devices are typically used to provide networking and communication for PLCs and other control devices; any disruption to their webserver could affect your ability to manage and diagnose automation systems remotely.
How it could be exploited
An attacker with network access to the device's webserver could send a crafted request to trigger a resource exhaustion or memory issue that crashes the webserver process. No authentication is required; the attacker needs only to reach the device on the network port where the webserver is listening.
Prerequisites
  • Network access to the webserver port of the affected device (typically HTTP/HTTPS)
  • No authentication required
  • Device must be running a vulnerable firmware version
remotely exploitableno authentication requiredlow complexityaffects device management and diagnostic capabilities
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (9)
8 with fix1 EOL
ProductAffected VersionsFix Status
SIMATIC CP 1242-7 V2 (incl. SIPLUS variants)<V3.4.293.4.29
SIMATIC CP 1243-1 (incl. SIPLUS variants)<V3.4.293.4.29
SIMATIC CP 1243-1 IEC (incl. SIPLUS variants)<V3.4.293.4.29
SIMATIC CP 1243-7 LTE<V3.4.293.4.29
SIMATIC CP 1243-8 IRC<V3.4.293.4.29
SIMATIC CP 1543-1<V3.0.373.0.37
SINAMICS S210 (6SL5...)≥ V6.1 <V6.1 HF26.1 HF2
SIPLUS NET CP 1543-1<V3.0.373.0.37
Remediation & Mitigation
0/6
Do now
0/1
WORKAROUNDRestrict network access to the integrated webserver using firewall rules or access control lists; only allow connections from authorized management networks
Schedule — requires maintenance window
0/3

Patching may require device reboot — plan for process interruption

SINAMICS S210 (6SL5...)
HOTFIXUpdate SINAMICS S210 (6SL5...) to firmware version 6.1 HF2 or later
SIMATIC CP 1543-1
HOTFIXUpdate SIMATIC CP 1543-1 and SIPLUS NET CP 1543-1 to firmware version 3.0.37 or later
All products
HOTFIXUpdate SIMATIC CP 1242-7 V2, CP 1243-1, CP 1243-1 IEC, CP 1243-7 LTE, and CP 1243-8 IRC to firmware version 3.4.29 or later
Mitigations - no patch available
0/2
SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENINGPlace industrial devices behind firewalls and isolate the control system network from the business network to minimize internet exposure
HARDENINGFor remote access requirements, implement a VPN with current security patches and authentication
View full CISA ICS-CERT advisory
API: /api/v1/advisories/06d396c8-8494-4a98-ab02-3ae9f48d89a3

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.