Siemens SINUMERIK ONE, SINUMERIK 840D and SINUMERIK 828D

Plan Patch | CVSS 8.8 | ICS-CERT ICSA-24-256-02 | Sep 10, 2024
Siemens
Attack path
Attack Vector: Local
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary

SINUMERIK ONE, SINUMERIK 840D sl, and SINUMERIK 828D controllers are affected by a privilege escalation vulnerability stemming from improper file permissions (CWE-732). An authenticated local attacker could escalate privileges to gain higher-level access to the underlying system. Siemens has released patches for SINUMERIK 828D V5 (version 5.24) and SINUMERIK ONE (version 6.24). SINUMERIK 828D V4 and SINUMERIK 840D sl V4 will not receive patches and must be protected through network controls and access restrictions.

What this means
What could happen
An authenticated attacker with local access to a SINUMERIK controller could escalate privileges to gain elevated control over the machine, potentially allowing modification of machining parameters, tool offsets, or complete operational control.
Who's at risk
This vulnerability affects manufacturers and shops using SINUMERIK CNC machines (SINUMERIK ONE, 840D sl, and 828D series) for milling, turning, and multi-axis machining. Any facility where machine operators, maintenance staff, or contractors have local access to these controllers should be concerned.
How it could be exploited
An attacker with a local user account on the SINUMERIK controller could exploit improper file permissions to escalate their privileges to system level. This requires physical or direct network access to the device and existing credentials; no remote exploitation path exists.
Prerequisites
  • Local or direct network access to the SINUMERIK controller
  • Valid user account credentials on the affected machine
  • Physical machine is not behind a firewall or network segmentation
  • Local exploitation only (requires physical or direct network access)
  • Requires valid user credentials
  • No patch available for SINUMERIK 828D V4 and 840D sl V4
  • Privilege escalation could enable complete machine control
Exploitability
Unlikely to be exploited — EPSS score 0.0%
Affected products (4)
2 with fix, 2 EOL
Product                 Affected Versions   Fix Status
SINUMERIK 828D V5       <V5.24              5.24
SINUMERIK ONE           <V6.24              6.24
SINUMERIK 828D V4       All versions        No fix (EOL)
SINUMERIK 840D sl V4    All versions        No fix (EOL)
Remediation & Mitigation
Do now
SINUMERIK 828D V4
HARDENING: Restrict network access to SINUMERIK 828D V4 and 840D sl V4 controllers using firewall rules and network segmentation, allowing only authorized workstations to connect
All products
HARDENING: Implement strict local access controls and authentication to SINUMERIK machines; disable unnecessary user accounts
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

SINUMERIK 828D V5
HOTFIX: Update SINUMERIK 828D V5 to version 5.24 or later
SINUMERIK ONE
HOTFIX: Update SINUMERIK ONE to version 6.24 or later
Mitigations - no patch available
The following products have reached End of Life with no planned fix: SINUMERIK 828D V4, SINUMERIK 840D sl V4. Apply the following compensating controls:
HARDENING: Place all SINUMERIK controllers behind a firewall and isolate from business networks
API: /api/v1/advisories/357f7e3c-72b5-4ec2-8e79-e70c0443da43

Siemens SINUMERIK ONE, SINUMERIK 840D and SINUMERIK 828D | CVSS 8.8 - OTPulse