Siemens Sentron Powercenter 1000

Plan PatchCVSS 7.5ICS-CERT ICSA-24-284-12Oct 8, 2024

SiemensEnergy

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

A vulnerability in the SIRIUS 3RV2921-5M motor starter allows an attacker with network access to cause a denial of service condition, making the device unresponsive to control commands. Versions prior to 5.1 are affected. Siemens recommends updating to firmware version 5.1 or later.

What this means

What could happen

An attacker with network access to a SIRIUS 3RV2921-5M motor starter could cause it to stop responding or become unavailable, potentially halting motor-driven equipment like pumps or compressors and disrupting facility operations.

Who's at risk

Energy utilities and industrial facilities that operate Siemens SIRIUS 3RV2921-5M motor starters for controlling pumps, compressors, fans, or other critical motors should prioritize this update. This affects any environment where the motor starter is reachable from a network.

How it could be exploited

An attacker sends specially crafted network packets to the vulnerable device on its management or control port. The device cannot process the requests properly, resulting in a denial of service where the motor starter becomes unresponsive to legitimate commands.

Prerequisites

Network access to the SIRIUS 3RV2921-5M device on its control/management port
Device must be running firmware version prior to 5.1

remotely exploitableno authentication requiredlow complexityaffects critical motor control equipment

Exploitability

Unlikely to be exploited — EPSS score 0.1%

Affected products (1)

ProductAffected VersionsFix Status

SIRIUS 3RV2921-5M< V5.15.1

Remediation & Mitigation

0/3

Do now

0/1

WORKAROUNDImplement physical isolation or firewall rules to restrict network access to the SIRIUS 3RV2921-5M from untrusted networks

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate SIRIUS 3RV2921-5M firmware to version 5.1 or later

Long-term hardening

0/1

HARDENINGLocate the motor starter behind a firewall and isolate from business networks using network segmentation

CVEs (1)

CVE-2023-6874

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/2fbbd666-c46e-42e0-89ce-60dc3dd45ced

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.