Siemens ST7 ScadaConnect
Act Now · Score 8.2 · ICS-CERT ICSA-24-165-04 · Jun 11, 2024
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
Siemens ST7 ScadaConnect versions prior to 1.1 contain multiple memory-safety and input-validation vulnerabilities. These include integer overflow (CWE-190), use-after-free (CWE-415), missing certificate validation (CWE-295), integer underflow (CWE-1333), missing error handling (CWE-754), improper input validation (CWE-20), null pointer dereference (CWE-476), missing encryption (CWE-311), buffer overflow (CWE-119), and resource exhaustion (CWE-400). An unauthenticated remote attacker can trigger these flaws to cause a denial of service or corrupt data processed by the device.
What this means
What could happen
An attacker can cause denial of service or data integrity issues on the ST7 ScadaConnect device without authentication. This could disrupt SCADA monitoring and control functions in energy operations.
Who's at risk
Energy utilities and operators running Siemens ST7 ScadaConnect for SCADA monitoring and control. Any organization using this device for industrial process oversight should prioritize patching due to active exploitation.
How it could be exploited
An attacker with network access to the ST7 ScadaConnect device can send crafted requests to trigger integer overflow, use-after-free, or other memory corruption flaws (CWE-190, CWE-415) without providing credentials. This leads to a crash (denial of service) or potential data corruption of monitoring/control data.
Prerequisites
- Network access to ST7 ScadaConnect device (port unspecified in advisory)
- No authentication required
Tags: remotely exploitable · no authentication required · low complexity · actively exploited (KEV) · high EPSS score (94.5%)
Exploitability
Actively exploited — confirmed by CISA KEV
Affected products (1)
Product: ST7 ScadaConnect
Affected Versions: <V1.1
Fix Status: 1.1
Remediation & Mitigation
Do now
HOTFIX: Update ST7 ScadaConnect to version 1.1 or later
WORKAROUND: Restrict network access to ST7 ScadaConnect using firewall rules; ensure the device is not accessible from the internet or untrusted networks
Long-term hardening
HARDENING: Implement network segmentation to isolate SCADA/control system networks from business networks
HARDENING: When remote access is required, use VPN with strong authentication and keep VPN software updated
CVEs (37)
CVE-2022-40303, CVE-2022-40304, CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-3446, CVE-2023-5678, CVE-2023-21808, CVE-2023-24895, CVE-2023-24897, CVE-2023-24936, CVE-2023-28260, CVE-2023-28484, CVE-2023-29331, CVE-2023-29469, CVE-2023-32032, CVE-2023-33126, CVE-2023-33127, CVE-2023-33128, CVE-2023-33135, CVE-2023-33170, CVE-2023-36799, CVE-2023-35390, CVE-2023-35391, CVE-2023-36038, CVE-2023-36049, CVE-2023-36435, CVE-2023-36558, CVE-2023-36792, CVE-2023-36793, CVE-2023-36794, CVE-2023-36796, CVE-2023-38171, CVE-2023-38178, CVE-2023-38180, CVE-2023-39615, CVE-2023-44487