Denial of Service Vulnerability in the OPC UA Server Implementations of Several Industrial Products
Score: 5.3 · SSA-088132 · Jul 9, 2024
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
The OPC UA server implementations in several Siemens industrial products are vulnerable to denial of service. The Unified Automation .NET SDK these products embed does not properly validate incoming OPC UA requests, so a remote, unauthenticated attacker can drive the server into memory exhaustion until it stops responding. A server in that state takes away operator visibility and blocks communication between SCADA systems, engineering workstations and the field devices that depend on it. Fixes are available for SIMATIC Energy Manager Basic and PRO (V7.5) and for SIMIT V11 (V11.1); SIMATIC IPC DiagBase, SIMATIC IPC DiagMonitor and SIMIT V10 are end of life and will not receive a fix.
What this means
What could happen
An attacker could send specially crafted OPC UA requests to flood memory on the server, causing it to become unresponsive and blocking communication with connected devices and monitoring systems.
Who's at risk
Energy management systems and industrial simulation platforms at utilities and manufacturing plants should care. Specifically: SIMATIC Energy Manager (Basic and PRO versions) used for electrical grid monitoring, SIMATIC IPC DiagBase and DiagMonitor used for industrial PC diagnostics, and SIMIT simulation software used for operator training and process development.
How it could be exploited
An attacker with network access to the OPC UA server port (typically 4840) sends malicious OPC UA packets designed to consume excessive memory. The server's resource exhaustion causes it to stop responding to legitimate requests from engineering workstations, SCADA systems, and other OPC UA clients.
Prerequisites
- Network access to the OPC UA server port (default 4840 or custom configured port)
- No authentication required to trigger the vulnerability
Tags: remotely exploitable · no authentication required · low complexity · no patch available for DiagBase and DiagMonitor · affects monitoring and operational visibility
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (6)
3 with fix · 3 EOL
Product                       | Affected versions | Fix status
SIMATIC Energy Manager Basic  | < V7.5            | Fixed in V7.5
SIMATIC Energy Manager PRO    | < V7.5            | Fixed in V7.5
SIMIT V11                     | < V11.1           | Fixed in V11.1
SIMATIC IPC DiagMonitor       | All versions      | No fix (EOL)
SIMIT V10                     | All versions      | No fix (EOL)
SIMATIC IPC DiagBase          | All versions      | No fix (EOL)
Remediation & Mitigation
Do now
SIMATIC IPC DiagBase, SIMATIC IPC DiagMonitor
WORKAROUND: No fix is available for these products. Restrict network access to the OPC UA port with firewall rules so that only the SCADA, HMI and engineering hosts that genuinely need a session can reach it; the vulnerability needs no credentials, so reachability is the only thing the attacker requires.
Schedule — requires maintenance window
Patching may require a device reboot; plan for process interruption.
SIMATIC Energy Manager Basic
HOTFIX: Update SIMATIC Energy Manager Basic to V7.5 or later
SIMATIC Energy Manager PRO
HOTFIX: Update SIMATIC Energy Manager PRO to V7.5 or later
SIMIT V11
HOTFIX: Update SIMIT V11 to V11.1 or later
All products
HARDENING: Monitor OPC UA traffic (new sessions per source, sessions from hosts outside the expected client set) and the server's memory use, so that a flood or memory exhaustion is detected before operators lose visibility.
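One way to implement that monitoring, as an added example that is not part of the advisory or of any Siemens product: a Python script that reads a connection log and memory samples, flags sources that open new OPC UA sessions faster than a threshold, clients outside an allowlist, and sustained growth of the server's resident memory. The log format, field names, thresholds and the addresses in the constructed sample are assumptions; adapt parse_line() to whatever your firewall, conntrack export or host agent actually emits.

```python
"""Flag OPC UA connection floods, clients outside the allowlist, and sustained
memory growth of the server process from a log stream.

Added example (not Siemens or Unified Automation code). The log format below is
an assumption constructed for the example; adapt parse_line() to the firewall,
conntrack export or host agent you actually collect from.
"""
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime

# Assumed line shapes (constructed for this example):
#   2024-07-10T08:00:00Z conn src=10.10.1.5 dport=4840 state=new
#   2024-07-10T08:02:00Z mem rss_mb=600
LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<kind>conn|mem)\s+(?P<kv>.+)$")

def parse_line(line):
    """Return (timestamp, kind, fields) or None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
    fields = dict(kv.split("=", 1) for kv in m["kv"].split() if "=" in kv)
    return ts, m["kind"], fields

def analyze(lines, allowed_clients, port=4840, window_s=10, max_new_per_window=20,
            mem_samples=3, mem_growth_mb=200):
    """Return alerts as (type, subject, timestamp) tuples, one per condition and source."""
    allowed = [ipaddress.ip_network(n, strict=False) for n in allowed_clients]
    recent = defaultdict(deque)       # src -> timestamps of new sessions inside the window
    flooded, unknown = set(), set()   # alert once per source, not once per packet
    rss = deque(maxlen=mem_samples)   # last N resident-memory samples of the server
    alerts = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, kind, f = parsed
        if kind == "conn":
            if f.get("state") != "new" or int(f.get("dport", 0)) != port:
                continue   # only new sessions to the OPC UA port are counted
            src = ipaddress.ip_address(f["src"])
            if src not in unknown and not any(src in n for n in allowed):
                unknown.add(src)
                alerts.append(("unknown_client", str(src), ts.isoformat()))
            q = recent[src]
            q.append(ts)
            while (ts - q[0]).total_seconds() > window_s:
                q.popleft()   # slide the window forward
            if len(q) > max_new_per_window and src not in flooded:
                flooded.add(src)
                alerts.append(("connection_flood", str(src), ts.isoformat()))
        else:  # mem sample: alert on N consecutive increasing samples that add up to a big jump
            rss.append(int(f["rss_mb"]))
            if (len(rss) == mem_samples
                    and all(b > a for a, b in zip(rss, list(rss)[1:]))
                    and rss[-1] - rss[0] >= mem_growth_mb):
                alerts.append(("memory_growth", f"{rss[0]}->{rss[-1]}MB", ts.isoformat()))
                rss.clear()
    return alerts

def sample_log():
    """Constructed log: one host opening 25 sessions in 5 s, one host outside the
    allowlist, normal traffic, and three memory samples climbing by 650 MB."""
    lines = [f"2024-07-10T08:00:{i // 5:02d}Z conn src=10.10.1.5 dport=4840 state=new"
             for i in range(25)]
    lines += [
        "2024-07-10T08:00:30Z conn src=10.10.2.7 dport=4840 state=new",
        "2024-07-10T08:00:31Z conn src=10.10.2.7 dport=4840 state=close",
        "2024-07-10T08:01:00Z conn src=192.168.50.9 dport=4840 state=new",
        "2024-07-10T08:02:00Z mem rss_mb=600",
        "2024-07-10T08:02:30Z mem rss_mb=900",
        "2024-07-10T08:03:00Z mem rss_mb=1250",
        "not a log line",
    ]
    return lines

if __name__ == "__main__":
    for alert in analyze(sample_log(), ["10.10.1.0/24", "10.10.2.0/24"]):
        print(*alert)
```

The thresholds are deliberately conservative for a plant network where the set of OPC UA clients is small and stable: twenty new sessions from one source in ten seconds is already far outside what a SCADA poller or engineering tool does, and a memory series that only ever rises while the client set has not changed is the symptom the advisory describes. Baseline both values against a quiet shift before alerting on them.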
Mitigations - no patch available
The following products have reached End of Life with no planned fix: SIMATIC IPC DiagMonitor, SIMIT V10, SIMATIC IPC DiagBase. Apply the following compensating controls:
HARDENING: Implement network segmentation to isolate OPC UA servers from untrusted networks
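A concrete form of the firewall workaround and the segmentation control above, as an added example that is not Siemens code or configuration: a Python helper that renders an nftables ruleset for a Linux cell firewall in front of the server (or for a Linux server host itself, with hook="input") that accepts TCP/4840 only from an allowlist of client addresses, drops everything else, and caps new-session rate and concurrent sessions per client so that a single misbehaving host cannot exhaust the server on its own. The table and chain names, addresses, port and limits are assumptions; on a Windows industrial PC the equivalent is an inbound Windows Firewall rule scoped to the same remote addresses.

```python
"""Render an nftables ruleset that exposes an OPC UA endpoint only to approved
clients and rate-limits new sessions per client.

Added example (not Siemens or Unified Automation code). Assumptions: a Linux
firewall sits between the OPC UA clients and the server (hook="forward"), or
the ruleset is loaded on a Linux server host (hook="input"); IPv4 only.
"""
import ipaddress

RULESET = """\
table inet opcua_guard {{
    set opcua_clients {{
        type ipv4_addr
        flags interval
        elements = {{ {elements} }}
    }}
    chain opcua_entry {{
        type filter hook {hook} priority 0; policy accept;
        # only traffic for the OPC UA endpoint is handled here
        ip daddr {server} tcp dport {port} jump opcua_policy
    }}
    chain opcua_policy {{
        ct state established,related accept
        # anything not on the allowlist never reaches the server
        ip saddr != @opcua_clients counter drop
        # per-client cap on new sessions per second
        ct state new meter opcua_rate {{ ip saddr limit rate over {rate}/second }} counter drop
        # per-client cap on concurrent sessions
        ct state new meter opcua_conn {{ ip saddr ct count over {sessions} }} counter drop
        ct state new counter accept
    }}
}}
"""

def render_opcua_ruleset(server_ip, allowed_clients, port=4840, hook="forward",
                         new_per_second=10, max_sessions_per_client=16):
    """Return nftables text; raise ValueError on bad input rather than emit a
    ruleset that silently allows or blocks the wrong hosts."""
    server = ipaddress.ip_address(server_ip)
    if server.version != 4:
        raise ValueError("example handles IPv4 endpoints only")
    if hook not in ("input", "forward"):
        raise ValueError("hook must be 'input' (server host) or 'forward' (gateway)")
    if not allowed_clients:
        raise ValueError("allowlist is empty; the port would be closed to everyone")
    if not (0 < port < 65536) or new_per_second < 1 or max_sessions_per_client < 1:
        raise ValueError("port, rate and session limits must be positive")
    elements = []
    for client in allowed_clients:
        net = ipaddress.ip_network(client, strict=False)   # "10.10.1.5" becomes /32
        if net.version != 4:
            raise ValueError(f"IPv4 only: {client}")
        elements.append(str(net.network_address) if net.prefixlen == 32 else str(net))
    return RULESET.format(elements=", ".join(elements), hook=hook, server=server,
                          port=port, rate=new_per_second, sessions=max_sessions_per_client)

if __name__ == "__main__":
    # Constructed addresses: one SCADA host and one engineering subnet allowed, all else dropped.
    print(render_opcua_ruleset("10.10.2.20", ["10.10.1.5", "10.10.3.0/24"]))
```

Write the output to a file and validate it with `nft -c -f` before loading it with `nft -f`; the allowlist is deliberately required to be non-empty because the policy for the OPC UA port is drop, and an empty set would cut off the SCADA system as effectively as the attack does.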
CVEs (1)