Siemens SIMATIC

Act NowCVSS 9.8ICS-CERT ICSA-24-074-07Mar 12, 2024

Siemens

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

Multiple vulnerabilities in SIMATIC RF160B RFID readers (versions below V2.2) could allow an attacker to execute arbitrary code within the context of a privileged process. The vulnerabilities span memory corruption (CWE-119, CWE-125, CWE-190, CWE-191, CWE-787, CWE-416), insufficient input validation (CWE-20, CWE-665), weak authentication and authorization (CWE-287, CWE-862, CWE-863), insecure cryptography (CWE-326, CWE-330, CWE-295), and other issues (CWE-74, CWE-116, CWE-120, CWE-502, CWE-610, CWE-681, CWE-668, CWE-281, CWE-835, CWE-1188, and others). The affected device is the SIMATIC RF160B firmware versions below V2.2.

What this means

What could happen

An attacker could execute arbitrary code on the SIMATIC RF160B reader with elevated privileges, potentially allowing them to modify RFID read/write operations, alter process data, or disrupt industrial processes that depend on RFID identification and authentication.

Who's at risk

Manufacturing facilities and warehouses using Siemens SIMATIC RF160B RFID readers for product identification, tracking, and authentication in automated processes. This includes discrete manufacturing, food/beverage production, and logistics operations where RFID-based process control is critical.

How it could be exploited

An attacker with network access to the SIMATIC RF160B can send specially crafted requests that exploit memory corruption or input validation weaknesses to inject and execute arbitrary code in a privileged process context. The vulnerability is remotely exploitable without requiring authentication or user interaction.

Prerequisites

Network access to the SIMATIC RF160B device
No authentication required
No special configuration or user interaction needed

Remotely exploitableNo authentication requiredLow complexity attackActively exploited (KEV)High EPSS score (62.7%)Affects industrial process controlCode execution in privileged context

Exploitability

Actively exploited — confirmed by CISA KEV

Public Proof-of-Concept (PoC) on GitHub (10 repositories)

Affected products (2)

2 with fix

ProductAffected VersionsFix Status

SIMATIC RF160B (6GT2003-0FA00)<V2.22.2

SIMATIC RF160B (6GT2003-0FA00): <V2.2<V2.2V2.2

Remediation & Mitigation

0/3

Do now

0/2

HOTFIXUpdate SIMATIC RF160B firmware to version V2.2 or later

WORKAROUNDRestrict network access to SIMATIC RF160B devices using firewall rules and network segmentation (allow only authorized engineering workstations and control systems)

Long-term hardening

0/1

HARDENINGImplement defense-in-depth network architecture with proper access controls and monitoring for ICS environment per Siemens operational guidelines

CVEs (157)

CVE-2017-14491 CVE-2017-18509 CVE-2020-0338 CVE-2020-0417 CVE-2020-10768 CVE-2020-11301 CVE-2020-14305 CVE-2020-14381 CVE-2020-15436 CVE-2020-24587 CVE-2020-25705 CVE-2020-26555 CVE-2020-26558 CVE-2020-29660 CVE-2020-29661 CVE-2021-0302 CVE-2021-0305 CVE-2021-0325 CVE-2021-0326 CVE-2021-0327 CVE-2021-0328 CVE-2021-0329 CVE-2021-0330 CVE-2021-0331 CVE-2021-0333 CVE-2021-0334 CVE-2021-0336 CVE-2021-0337 CVE-2021-0339 CVE-2021-0341 CVE-2021-0390 CVE-2021-0391 CVE-2021-0392 CVE-2021-0393 CVE-2021-0394 CVE-2021-0396 CVE-2021-0397 CVE-2021-0399 CVE-2021-0400 CVE-2021-0429 CVE-2021-0431 CVE-2021-0433 CVE-2021-0434 CVE-2021-0435 CVE-2021-0436 CVE-2021-0437 CVE-2021-0438 CVE-2021-0443 CVE-2021-0444 CVE-2021-0471 CVE-2021-0473 CVE-2021-0474 CVE-2021-0476 CVE-2021-0478 CVE-2021-0480 CVE-2021-0481 CVE-2021-0484 CVE-2021-0506 CVE-2021-0507 CVE-2021-0508 CVE-2021-0509 CVE-2021-0510 CVE-2021-0511 CVE-2021-0512 CVE-2021-0513 CVE-2021-0514 CVE-2021-0515 CVE-2021-0516 CVE-2021-0519 CVE-2021-0520 CVE-2021-0521 CVE-2021-0522 CVE-2021-0584 CVE-2021-0585 CVE-2021-0586 CVE-2021-0587 CVE-2021-0588 CVE-2021-0589 CVE-2021-0591 CVE-2021-0593 CVE-2021-0594 CVE-2021-0596 CVE-2021-0597 CVE-2021-0598 CVE-2021-0599 CVE-2021-0600 CVE-2021-0601 CVE-2021-0604 CVE-2021-0640 CVE-2021-0641 CVE-2021-0642 CVE-2021-0646 CVE-2021-0650 CVE-2021-0651 CVE-2021-0652 CVE-2021-0653 CVE-2021-0682 CVE-2021-0683 CVE-2021-0684 CVE-2021-0687 CVE-2021-0688 CVE-2021-0689 CVE-2021-0690 CVE-2021-0692 CVE-2021-0695 CVE-2021-0704 CVE-2021-0706 CVE-2021-0708 CVE-2021-0870 CVE-2021-0919 CVE-2021-0920 CVE-2021-0926 CVE-2021-0928 CVE-2021-0929 CVE-2021-0930 CVE-2021-0931 CVE-2021-0933 CVE-2021-0952 CVE-2021-0953 CVE-2021-0961 CVE-2021-0963 CVE-2021-0964 CVE-2021-0965 CVE-2021-0967 CVE-2021-0968 CVE-2021-0970 CVE-2021-1972 CVE-2021-1976 CVE-2021-29647 CVE-2021-33909 CVE-2021-38204 CVE-2021-39621 CVE-2021-39623 CVE-2021-39626 CVE-2021-39627 CVE-2021-39629 CVE-2021-39633 CVE-2021-39634 CVE-2022-20127 CVE-2022-20130 CVE-2022-20227 CVE-2022-20229 CVE-2022-20355 CVE-2022-20411 CVE-2022-20421 CVE-2022-20422 CVE-2022-20423 CVE-2022-20462 CVE-2022-20466 CVE-2022-20468 CVE-2022-20469 CVE-2022-20472 CVE-2022-20473 CVE-2022-20476 CVE-2022-20483 CVE-2022-20498 CVE-2022-20500

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/ba9d2be7-9bb1-4fec-935b-40172e8d3e61

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.