OTPulse
FeedAboutContact

Siemens SENTRON

Monitor7.5ICS-CERT ICSA-24-074-06Mar 12, 2024
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary

SENTRON 3KC ATC6 Expansion Module Ethernet contains an unstable, unused HTTP service listening on port 80/tcp on the Modbus Ethernet interface. An unauthenticated attacker with network access to the module can send a request that causes the HTTP service to crash, forcing the device to reboot. This causes a temporary denial of service affecting power monitoring and control functions that depend on the module.

What this means
What could happen
An attacker on the Modbus network can send a request to the unused HTTP service on port 80 to crash the SENTRON 3KC ATC6 module, forcing it to reboot and interrupting power monitoring and control functions.
Who's at risk
Power distribution and monitoring operators, especially those using SENTRON 3KC ATC6 Expansion Modules in substations, industrial plants, or utility distribution networks. The module is responsible for electrical measurement, monitoring, and control in medium-voltage switchgear systems.
How it could be exploited
An attacker with network access to the device's Modbus Ethernet port sends a malformed or specific HTTP request to port 80/tcp, triggering a crash in the unstable HTTP service. The module reboots, causing temporary loss of power measurement, monitoring, and any connected control logic that depends on the module.
Prerequisites
  • Network access to the Modbus-TCP Ethernet interface
  • Ability to reach port 80/tcp on the device
remotely exploitableno authentication requiredlow complexityno patch availableaffects power distribution operations
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (1)
ProductAffected VersionsFix Status
SENTRON 3KC ATC6 Expansion Module Ethernet (3KC9000-8TL75)All versionsNo fix (EOL)
Remediation & Mitigation
0/3
Do now
0/1
HARDENINGRestrict network access to the device's Modbus Ethernet port using a firewall or network segmentation to limit connections to only authorized engineering stations and control systems
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HOTFIXMonitor Siemens security updates for a patched firmware version and apply when available
Mitigations - no patch available
0/1
SENTRON 3KC ATC6 Expansion Module Ethernet (3KC9000-8TL75) has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENINGImplement network monitoring to detect unusual HTTP traffic to port 80 on the module
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/4938232c-e31c-4fac-84cd-7b7ed2ecd686