Siemens SIMATIC CN 4100
Act Now | 10 | ICS-CERT ICSA-24-137-06 | May 14, 2024
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
SIMATIC CN 4100 firmware versions below 3.0 contain hard-coded root user credentials that allow unauthenticated remote login, and feature an unrestricted USB port that could be exploited to boot malicious firmware or bypass security controls. The device is typically deployed as a network communication node or gateway in industrial control systems. Siemens has released version 3.0 to address these vulnerabilities.
What this means
What could happen
An attacker with network access to the SIMATIC CN 4100 could exploit hard-coded root credentials to gain full control of the device and potentially modify network or system configurations, or boot malicious firmware via the unrestricted USB port, disrupting communication and control operations.
Who's at risk
Water utilities, municipal electric utilities, and any critical infrastructure operators using Siemens SIMATIC CN 4100 industrial gateways or control nodes should prioritize this update. The CN 4100 is commonly deployed as a network gateway or communication hub in industrial automation systems; compromise could disrupt SCADA visibility and control capabilities across the facility.
How it could be exploited
An attacker on the same network segment as the SIMATIC CN 4100 could enumerate the device, obtain the hard-coded root credentials from public documentation or reverse engineering, and use SSH or similar protocols to log in remotely with full system access. Alternatively, if the attacker has physical access, they could insert a malicious USB device into the unrestricted USB port to boot unauthorized firmware or extract sensitive data.
Prerequisites
- Network access to the SIMATIC CN 4100 management interface (typically SSH, HTTP, or industrial protocols)
- Knowledge of hard-coded root user credentials (publicly available or easily derived)
- For USB exploitation: physical access to the device
Remotely exploitable, No authentication required, Hard-coded credentials, Affects control system gateways, Low complexity, USB physical access vector
Exploitability
Low exploit probability (EPSS 0.9%)
Affected products (1)
Product: SIMATIC CN 4100
Affected Versions: < V3.0
Fix Status: 3.0
Remediation & Mitigation
Do now
- WORKAROUND: Restrict network access to the SIMATIC CN 4100 using firewall rules; allow only authorized engineering workstations and management networks to reach the device
- HARDENING: Disable or physically protect the USB port if it is not required for normal operations
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HOTFIX: Update SIMATIC CN 4100 to firmware version 3.0 or later
Long-term hardening
- HARDENING: Isolate the SIMATIC CN 4100 and its network segment from the business network using air-gapping or VLAN segmentation
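To track the remediation items above across a fleet, the following added example (not part of the advisory or any Siemens tooling) triages an asset inventory against the 3.0 fix version and a management-network allowlist. The CSV layout, host names, ACL sources and the 10.20.0.0/28 engineering subnet are all assumptions constructed for illustration.

```python
import csv
import io
import ipaddress
import re

FIXED = (3, 0)  # per the advisory: firmware below 3.0 is affected
MGMT_NETS = [ipaddress.ip_network("10.20.0.0/28")]  # assumed engineering subnet

# Constructed inventory; hosts, versions and ACL sources are made up.
INVENTORY = """host,product,firmware,allowed_sources
gw-pump-01,SIMATIC CN 4100,V2.7,0.0.0.0/0
gw-pump-02,SIMATIC CN 4100,V3.0,10.20.0.0/28
gw-grid-07,SIMATIC CN 4100,2.5.1,10.20.0.4/30;10.20.0.8/30
gw-grid-08,SIMATIC CN 4100,V3.0.1,10.20.0.0/28;192.168.0.0/16
hmi-03,Other Panel,V1.2,0.0.0.0/0
"""

def parse_version(text):
    """Turn 'V2.7', '3.0' or '2.5.1' into a comparable tuple of ints."""
    nums = re.findall(r"\d+", text)
    if not nums:
        raise ValueError(f"no version number in {text!r}")
    ver = tuple(int(n) for n in nums)
    return ver + (0,) * (2 - len(ver))  # pad '3' to (3, 0)

def triage(inventory_csv, mgmt_nets=MGMT_NETS):
    """Map each CN 4100 host to the advisory action it still needs."""
    result = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if row["product"].strip().upper() != "SIMATIC CN 4100":
            continue
        affected = parse_version(row["firmware"]) < FIXED
        sources = [ipaddress.ip_network(s) for s in row["allowed_sources"].split(";")]
        # Exposed if any permitted source is not inside a management network.
        exposed = any(not any(s.subnet_of(m) for m in mgmt_nets) for s in sources)
        if affected and exposed:
            result[row["host"]] = "restrict-and-update"
        elif affected:
            result[row["host"]] = "update"
        elif exposed:
            result[row["host"]] = "restrict"
        else:
            result[row["host"]] = "ok"
    return result

if __name__ == "__main__":
    for host, action in triage(INVENTORY).items():
        print(f"{host}: {action}")
```

Hosts marked "restrict-and-update" are the ones where the network workaround should be applied before the maintenance window for the firmware update.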