OTPulse

Siemens SINUMERIK

Plan Patch
CVSS: 7.5
ICS-CERT ICSA-23-348-11
Dec 12, 2023
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

A use-after-free vulnerability (CWE-416) exists in the integrated S7-1500 CPU of SINUMERIK ONE and SINUMERIK MC products. An attacker with network access to port 102/tcp can trigger a denial of service condition, causing the CPU to become unavailable and halting machine operations.

What this means
What could happen
An attacker on your network could crash the S7-1500 CPU in SINUMERIK control systems by sending a crafted message to port 102, causing the connected machinery to stop operating until the controller is manually restarted.
Who's at risk
Water and electric utilities operating SINUMERIK CNC machine tools and automated manufacturing equipment should pay attention, especially those with SINUMERIK ONE or SINUMERIK MC systems running older firmware versions. Any facility using these controllers for critical process automation or material handling is at risk.
How it could be exploited
An attacker needs to reach port 102/tcp on the integrated S7-1500 CPU. Once reachable, they send a specially crafted network packet that triggers a use-after-free condition in the CPU firmware, causing the processor to crash and stop responding to control commands.
Prerequisites
  • Network access to port 102/tcp on the S7-1500 CPU
  • SINUMERIK ONE version below 6.24 or SINUMERIK MC version below 1.24
  • No authentication required
remotely exploitable · no authentication required · low complexity · affects machinery availability and safety systems · port 102 commonly routed to industrial networks
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (2)
2 with fix
Product         Affected Versions   Fix Status
SINUMERIK MC    < V1.24             1.24
SINUMERIK ONE   < V6.24             6.24
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to port 102/tcp on the S7-1500 CPU to only trusted engineering workstations and control networks; block access from business networks and the internet
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

SINUMERIK MC
HOTFIX: Update SINUMERIK ONE to version 6.24 or later and SINUMERIK MC to version 1.24 or later
Long-term hardening
HARDENING: Isolate SINUMERIK control systems behind a firewall separate from business networks and ensure they are not accessible from the internet
HARDENING: If remote access to SINUMERIK systems is required, use a VPN with current updates and ensure only authorized personnel can connect
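
The port 102/tcp restriction in the workaround can be verified from firewall or flow logs. The following Python check is an added example, not part of the advisory or of any Siemens tooling; the log format, controller addresses and trusted ranges are constructed assumptions to be replaced with your own.

```python
import ipaddress

# Assumed addressing plan (constructed for this example).
TRUSTED_SOURCES = [ipaddress.ip_network(n) for n in (
    "10.20.30.0/28",   # engineering workstations
    "10.20.40.0/24",   # control network
)]
CONTROLLERS = {ipaddress.ip_address(a) for a in ("10.20.40.10", "10.20.40.11")}
S7_PORT = 102

# Constructed flow records: timestamp src dst proto dport action
SAMPLE_FLOWS = """\
2023-12-12T08:00:01Z 10.20.30.5 10.20.40.10 tcp 102 ALLOW
2023-12-12T08:00:07Z 192.168.50.23 10.20.40.10 tcp 102 ALLOW
2023-12-12T08:01:12Z 192.168.50.23 10.20.40.11 tcp 102 DENY
2023-12-12T08:02:40Z 10.20.40.77 10.20.40.11 tcp 102 ALLOW
2023-12-12T08:03:02Z 192.168.50.9 10.20.40.10 tcp 443 ALLOW
malformed line
2023-12-12T08:04:55Z 203.0.113.8 10.20.40.11 tcp 102 ALLOW
"""

def audit_flows(text):
    """Return (violations, blocked, skipped) for 102/tcp flows to controllers.

    violations: untrusted sources that were ALLOWed (the restriction has a gap)
    blocked:    untrusted sources that were denied (the restriction is working)
    skipped:    count of lines that could not be parsed
    """
    violations, blocked, skipped = [], [], 0
    for line in text.splitlines():
        try:
            ts, src, dst, proto, dport, action = line.split()
            src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            dport = int(dport)
        except ValueError:          # wrong field count, bad address or bad port
            skipped += 1
            continue
        if proto.lower() != "tcp" or dport != S7_PORT or dst not in CONTROLLERS:
            continue                # not traffic to the S7-1500 CPU service
        if any(src in net for net in TRUSTED_SOURCES):
            continue                # permitted by the allow-list
        record = (ts, str(src), str(dst))
        (violations if action.upper() == "ALLOW" else blocked).append(record)
    return violations, blocked, skipped

if __name__ == "__main__":
    v, b, s = audit_flows(SAMPLE_FLOWS)
    for ts, src, dst in v:
        print(f"GAP: {src} reached {dst}:102/tcp at {ts}")
    print(f"{len(b)} blocked, {s} unparsed line(s)")
```

Any entry in `violations` means a source outside the allow-list reached port 102/tcp on a controller, so the firewall rule set does not yet match the workaround.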