OTPulse

Siemens SIMATIC CN 4100

Priority: Act Now
CVSS Score: 9.8
Advisory: ICS-CERT ICSA-24-011-09
Published: Jan 9, 2024
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

SIMATIC CN 4100 contains multiple critical vulnerabilities: an authorization bypass through user-controlled key material, use of default credentials, and an unauthenticated IP address change capability. A remote attacker could log in as root or cause a denial of service against the device.

What this means
What could happen
An attacker could gain root-level access to the CN 4100 and execute arbitrary commands, potentially disrupting process control and communications for SCADA-connected networks. Alternatively, the device could be rendered unavailable through denial of service.
Who's at risk
Operators of Siemens SIMATIC CN 4100 communication/gateway devices in plant networks should prioritize this update. The CN 4100 is commonly used as a SCADA gateway or industrial network appliance; affected sites include utilities, manufacturers, and any facility using Siemens automation networks.
How it could be exploited
An attacker on the network sends an unauthenticated IP address change command or exploits the default credentials or authorization bypass flaw to log in remotely as root. Once authenticated, the attacker can reconfigure the device, intercept traffic, or disable it entirely.
Prerequisites
  • Network access to the CN 4100 (typically port 22 for SSH, or the HTTP/HTTPS management interface)
  • No valid credentials required for the unauthenticated IP address change or the authorization bypass
  • Device running a firmware version earlier than V2.7
Tags: remotely exploitable, no authentication required, low complexity, affects critical gateway/communication device, high CVSS score (9.8), default credentials present, default/weak key material
Exploitability
Low exploit probability (EPSS 0.4%)
Affected products (1)
Product: SIMATIC CN 4100
Affected Versions: < V2.7
Fix Status: fixed in V2.7
Remediation & Mitigation
Do now
HOTFIX: Update SIMATIC CN 4100 to version V2.7 or later.
WORKAROUND: Restrict network access to the CN 4100 management interface using firewall rules; allow only trusted engineering workstations and control network segments.
HARDENING: Place the CN 4100 on an isolated control network behind a firewall; do not expose it to business networks or the internet.
HARDENING: Change any default credentials and review the authentication mechanisms in use; use strong passwords and managed SSH keys.
Long-term hardening
HARDENING: If remote access to the device is required, use a VPN and keep the VPN itself current with security patches.