OTPulse

Denial of Service Vulnerability in the OPC UA Implementation in SINUMERIK ONE and SINUMERIK MC

Plan Patch | 7.5 | SSA-118850 | Dec 12, 2023
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

SINUMERIK ONE and SINUMERIK MC products contain a denial of service vulnerability in the OPC UA implementation of the integrated S7-1500 CPU. An attacker can send a specially crafted OPC UA message to cause the CPU to become unresponsive, preventing the machine tool from accepting new commands or monitoring instructions. The vulnerability exists in the OPC UA protocol handler and does not require authentication.

What this means
What could happen
An attacker can remotely crash the machine tool's control CPU by sending a malformed OPC UA message, causing the SINUMERIK machine to stop responding to commands and interrupting production operations.
Who's at risk
Machine tool manufacturers and operators using SINUMERIK ONE or SINUMERIK MC control systems should be concerned. This affects CNC machine tools, automated manufacturing equipment, and any facility relying on Siemens SINUMERIK controllers for production operations.
How it could be exploited
An attacker with network access to the OPC UA port on the SINUMERIK control system sends a malformed OPC UA packet that triggers an integer overflow or buffer handling error in the S7-1500 CPU's OPC UA stack. The CPU becomes unresponsive and must be manually restarted to resume operations.
Prerequisites
  • Network access to the OPC UA port on the SINUMERIK machine (typically port 4840)
  • No authentication credentials required
Tags: remotely exploitable, no authentication required, low complexity, causes denial of service in production equipment
Exploitability
Low exploit probability (EPSS 0.4%)
Affected products (2)
2 with fix
Product | Affected Versions | Fix Status
SINUMERIK MC | <V1.22 | 1.22
SINUMERIK ONE | <V6.22 | 6.22
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to OPC UA ports (typically port 4840) on SINUMERIK machines to only trusted engineering and monitoring systems using firewall rules
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

SINUMERIK MC
HOTFIX: Update SINUMERIK MC to firmware version 1.22 or later
SINUMERIK ONE
HOTFIX: Update SINUMERIK ONE to firmware version 6.22 or later
Long-term hardening
HARDENING: Implement network segmentation to isolate SINUMERIK machine tools from untrusted networks and the general corporate network
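Added example, not part of the advisory or of any Siemens tooling: one way to verify that the port 4840 workaround and the segmentation are actually holding is to audit firewall flow exports for accepted OPC UA connections to the controllers from sources outside the trusted set. The CSV layout, the addresses (documentation ranges), and the function name are assumptions constructed for illustration.

```python
import csv
import io
from ipaddress import ip_address, ip_network

OPCUA_PORT = 4840  # "typically port 4840" per the advisory; change if reconfigured

# Assumed site inventory (constructed values, documentation address ranges)
CONTROLLERS = [ip_network("198.51.100.20/32"), ip_network("198.51.100.21/32")]
TRUSTED_CLIENTS = [ip_network("192.0.2.0/28")]  # engineering/monitoring hosts

# Constructed flow export in an assumed format: src,dst,dport,action
SAMPLE_FLOWS = """\
src,dst,dport,action
192.0.2.5,198.51.100.20,4840,accept
10.20.30.40,198.51.100.20,4840,accept
10.20.30.40,198.51.100.21,4840,drop
192.0.2.77,198.51.100.21,4840,accept
10.20.30.41,198.51.100.20,443,accept
not-an-ip,198.51.100.20,4840,accept
"""

def _in_any(addr, networks):
    return any(addr in net for net in networks)

def find_untrusted_opcua_flows(flow_csv, controllers=CONTROLLERS,
                               trusted=TRUSTED_CLIENTS, port=OPCUA_PORT):
    """Return (violations, malformed_rows).

    A violation is an *accepted* flow to a controller's OPC UA port whose
    source is not in the trusted set, i.e. a gap in the firewall workaround.
    """
    violations, malformed = [], []
    for row in csv.DictReader(io.StringIO(flow_csv)):
        try:
            src, dst = ip_address(row["src"]), ip_address(row["dst"])
            dport = int(row["dport"])
        except (ValueError, KeyError, TypeError):
            malformed.append(row)  # keep unparsable rows for manual review
            continue
        if dport != port or not _in_any(dst, controllers):
            continue
        accepted = (row.get("action") or "").strip().lower() == "accept"
        if accepted and not _in_any(src, trusted):
            violations.append((str(src), str(dst)))
    return sorted(set(violations)), malformed

if __name__ == "__main__":
    bad, skipped = find_untrusted_opcua_flows(SAMPLE_FLOWS)
    for src, dst in bad:
        print(f"untrusted source {src} reached {dst}:{OPCUA_PORT}")
    print(f"{len(skipped)} malformed row(s) skipped")
```

Dropped flows are not reported as violations because they show the rule working; any reported pair means the allowlist or the segmentation boundary needs tightening before the firmware update is scheduled.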