Siemens ST7 ScadaConnect

Act NowCVSS 8.2ICS-CERT ICSA-24-165-04Jun 11, 2024

SiemensEnergy

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

Multiple memory safety and input validation vulnerabilities in Siemens ST7 ScadaConnect versions prior to 1.1. These include integer overflow (CWE-190), use-after-free (CWE-415), missing certificate validation (CWE-295), integer underflow (CWE-1333), missing error handling (CWE-754), improper input validation (CWE-20), null pointer dereference (CWE-476), missing encryption (CWE-311), buffer overflow (CWE-119), and resource exhaustion (CWE-400). An unauthenticated remote attacker can trigger these flaws to cause denial of service or corrupt data processed by the device.

What this means

What could happen

An attacker can cause denial of service or data integrity issues on the ST7 ScadaConnect device without authentication. This could disrupt SCADA monitoring and control functions in energy operations.

Who's at risk

Energy utilities and operators running Siemens ST7 ScadaConnect for SCADA monitoring and control. Any organization using this device for industrial process oversight should prioritize patching due to active exploitation.

How it could be exploited

An attacker with network access to the ST7 ScadaConnect device can send crafted requests to trigger integer overflow, use-after-free, or other memory corruption flaws (CWE-190, CWE-415) without providing credentials. This leads to a crash (denial of service) or potential data corruption of monitoring/control data.

Prerequisites

Network access to ST7 ScadaConnect device (port unspecified in advisory)
No authentication required

remotely exploitableno authentication requiredlow complexityactively exploited (KEV)high EPSS score (94.5%)

Exploitability

Actively exploited — confirmed by CISA KEV

Public Proof-of-Concept (PoC) on GitHub (10 repositories)

Affected products (1)

ProductAffected VersionsFix Status

ST7 ScadaConnect<V1.11.1

Remediation & Mitigation

0/4

Do now

0/2

HOTFIXUpdate ST7 ScadaConnect to version 1.1 or later

WORKAROUNDRestrict network access to ST7 ScadaConnect using firewall rules; ensure the device is not accessible from the internet or untrusted networks

Long-term hardening

0/2

HARDENINGImplement network segmentation to isolate SCADA/control system networks from business networks

HARDENINGWhen remote access is required, use VPN with strong authentication and keep VPN software updated

CVEs (37)

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/2e49272d-0f17-42db-86a3-b1b55aa488aa

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.