OTPulse

Siemens SINUMERIK ONE, SINUMERIK 840D and SINUMERIK 828D

Plan Patch · 8.8 · ICS-CERT ICSA-24-256-02 · Sep 10, 2024
Attack Vector: Local
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary

SINUMERIK ONE, SINUMERIK 840D sl, and SINUMERIK 828D are affected by a privilege escalation vulnerability (CWE-732: Incorrect Permission Assignment for Critical Resource) in the underlying operating system or file permission structure. An authenticated local attacker with valid user credentials could exploit improper file permissions to escalate privileges and gain elevated control over the machine, potentially modifying machine logic, programs, or security configurations. The vulnerability requires local access and valid credentials, limiting the attack surface to operators, maintenance technicians, or engineering staff with system access. Siemens has released fixes for SINUMERIK 828D V5 (version 5.24 or later) and SINUMERIK ONE (version 6.24 or later). SINUMERIK 828D V4 and SINUMERIK 840D sl V4 have no planned fixes and remain vulnerable. Siemens recommends implementing network segmentation, access controls, and following industrial security best practices as compensating controls for unfixed versions.

What this means
What could happen
A local attacker with valid operator or engineering credentials could escalate their privileges on a SINUMERIK CNC machine, gaining the ability to modify machine programs, alter security settings, or disrupt production operations.
Who's at risk
Manufacturers operating CNC and precision machining centers with Siemens SINUMERIK control systems (SINUMERIK ONE, 840D sl, and 828D) should prioritize this issue. This affects shops with automated machine tools, aerospace suppliers, automotive manufacturers, and job shops relying on these controllers for production scheduling and tool path execution.
How it could be exploited
An attacker with local access and valid user credentials (e.g., operator or maintenance account) could exploit improper file permissions on the SINUMERIK system to escalate privileges and gain full control over the machine control logic and settings.
Prerequisites
  • Local access to the SINUMERIK machine or engineering workstation
  • Valid user credentials (operator, maintenance, or engineering account)
  • Physical or network access to the machine's local interfaces or remote access service
  • Local exploitation required
  • Valid credentials required
  • Affects control logic and machine operations
  • No patch available for V4 products
  • Low EPSS but high impact to availability
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (4)
2 with fix · 2 EOL
Product | Affected Versions | Fix Status
SINUMERIK 828D V5 | <V5.24 | 5.24
SINUMERIK ONE | <V6.24 | 6.24
SINUMERIK 828D V4 | All versions | No fix (EOL)
SINUMERIK 840D sl V4 | All versions | No fix (EOL)
Remediation & Mitigation
Do now
SINUMERIK 828D V4
WORKAROUND: Restrict local and remote access to SINUMERIK 828D V4 and 840D sl V4 systems using network firewalls and access controls until patches are available
All products
HARDENING: Disable or restrict local login access on SINUMERIK systems to authorized personnel only; enforce strong password policies and multi-factor authentication where available
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

SINUMERIK ONE
HOTFIX: Update SINUMERIK ONE to version 6.24 or later
All products
HOTFIX: Update SINUMERIK 828D to version 5.24 or later
Mitigations - no patch available
The following products have reached End of Life with no planned fix: SINUMERIK 828D V4, SINUMERIK 840D sl V4. Apply the following compensating controls:
HARDENING: Segment SINUMERIK machines from the business network and restrict access from non-production systems
HARDENING: Implement remote access controls; use VPNs with current security patches if remote maintenance is required