Siemens SITOP UPS1600
Monitor | 5.6 | ICS-CERT ICSA-24-165-05 | Jun 11, 2024
Attack Vector: Network
Auth Required: None
Complexity: High
User Interaction: None needed
Summary
Multiple out-of-bounds memory vulnerabilities exist in third-party components used by SITOP UPS1600 Ethernet/PROFINET power backup systems in versions prior to V2.5.4. These vulnerabilities could allow an attacker with network access to cause limited impact including memory corruption, data disclosure, or denial of service on the UPS device itself. The vulnerabilities have high attack complexity and no known public exploitation has been reported.
What this means
What could happen
An attacker could exploit out-of-bounds memory vulnerabilities in the SITOP UPS1600 to read or modify data, potentially disrupting power backup operations or reading sensitive configuration data on the UPS system.
Who's at risk
Water utilities and electric utilities operating uninterruptible power supplies (UPS) for critical infrastructure should prioritize this. Specifically, operators of Siemens SITOP UPS1600 series devices (10A, 20A, 40A, and EX models) providing backup power to programmable logic controllers (PLCs), SCADA systems, or other control devices are affected.
How it could be exploited
An attacker with network access to the UPS device could send specially crafted packets to trigger out-of-bounds memory access in third-party components. The attack requires high technical complexity and knowledge of the specific vulnerability details, but if successful could allow arbitrary memory read/write on the device.
Prerequisites
- Network access to port 161 (SNMP) or port 502 (PROFINET) on the UPS device
- No authentication required
- Knowledge of specific out-of-bounds vulnerability details (high attack complexity)
remotely exploitable | no authentication required | high attack complexity | affects critical backup power systems
Exploitability
Low exploit probability (EPSS 0.4%)
Affected products (4)
4 with fix
Product | Affected Versions | Fix Status
SITOP UPS1600 10 A Ethernet/ PROFINET | <V2.5.4 | 2.5.4
SITOP UPS1600 20 A Ethernet/ PROFINET | <V2.5.4 | 2.5.4
SITOP UPS1600 40 A Ethernet/ PROFINET | <V2.5.4 | 2.5.4
SITOP UPS1600 EX 20 A Ethernet PROFINET | <V2.5.4 | 2.5.4
Remediation & Mitigation
Do now
- WORKAROUND: Restrict network access to UPS devices using firewall rules; only allow connections from authorized engineering workstations and monitoring systems
- WORKAROUND: Disable unnecessary network protocols (SNMP, web interface) on UPS devices if not required for operations
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HOTFIX: Update SITOP UPS1600 10 A Ethernet/PROFINET to firmware version 2.5.4 or later
- HOTFIX: Update SITOP UPS1600 20 A Ethernet/PROFINET to firmware version 2.5.4 or later
- HOTFIX: Update SITOP UPS1600 40 A Ethernet/PROFINET to firmware version 2.5.4 or later
- HOTFIX: Update SITOP UPS1600 EX 20 A Ethernet/PROFINET to firmware version 2.5.4 or later
Long-term hardening
- HARDENING: Segment UPS devices from business networks; isolate them in a dedicated control network behind a firewall