Siemens SIMATIC

Act Now10ICS-CERT ICSA-24-011-10Jan 9, 2024

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

MaxView Storage Manager shipped with Siemens SIMATIC IPC1047E, IPC647E, and IPC847E contains a Redfish Server vulnerability that allows unauthenticated remote access to the storage and system management interface. The vulnerability affects versions earlier than V4.14.00.26068. Exploitation requires only network reachability to the management interface and does not require user interaction or credentials.

What this means

What could happen

An attacker with network access to the device could bypass authentication to the maxView Storage Manager, gaining unauthorized access to storage and system management functions that could be used to disrupt operations or exfiltrate data.

Who's at risk

Water utilities, municipal electric systems, and other critical infrastructure operators running SIMATIC IPC1047E, IPC647E, or IPC847E industrial PCs with maxView Storage Manager should assess exposure. These devices are commonly used for process control, data logging, and remote system management in treatment plants and substations.

How it could be exploited

An attacker reaches the maxView Storage Manager web interface on the SIMATIC IPC over the network and exploits a Redfish Server vulnerability to bypass authentication. No special credentials or user interaction are needed to access the management interface or trigger the vulnerability.

Prerequisites

Network reachability to the maxView Storage Manager web interface (typically port 443 or 8443)
maxView Storage Manager version earlier than V4.14.00.26068 installed on the SIMATIC IPC

Remotely exploitableNo authentication requiredLow complexity attackCritical CVSS score (10.0)Affects device management and storage functions

Exploitability

Low exploit probability (EPSS 0.4%)

Affected products (3)

3 pending

ProductAffected VersionsFix Status

SIMATIC IPC1047E<with maxView Storage Manager V4.14.00.26068 on WindowsNo fix yet

SIMATIC IPC647E<with maxView Storage Manager V4.14.00.26068 on WindowsNo fix yet

SIMATIC IPC847E<with maxView Storage Manager V4.14.00.26068 on WindowsNo fix yet

Remediation & Mitigation

0/3

Do now

0/1

WORKAROUNDRestrict network access to maxView Storage Manager using firewall rules; ensure the device is not reachable from the internet or untrusted networks

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate maxView Storage Manager to V4.14.00.26068 or later version

Long-term hardening

0/1

HARDENINGImplement network segmentation to isolate the SIMATIC IPC and its management interfaces from business networks; place control system networks behind firewalls

CVEs (1)

CVE-2023-51438

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/b6763846-3608-4e6d-b079-fd0a50c22d55