Denial-of-Service Vulnerability in SINUMERIK Controllers

Plan Patch7.5SSA-178380Oct 12, 2021

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

A Denial-of-Service vulnerability in SINUMERIK Controllers allows an unauthenticated attacker with network access to the affected devices to cause system failure and total loss of availability.

What this means

What could happen

An attacker could crash the SINUMERIK controller over the network, halting CNC machining operations and requiring manual restart and re-synchronization of the machine tool.

Who's at risk

CNC machine operators and manufacturing facilities using SINUMERIK 808D or 828D controllers should care. This affects any precision machining operation (automotive, aerospace, general manufacturing) that relies on these controllers for production.

How it could be exploited

An attacker on the network sends a crafted request to the controller on the management or data port (typically port 502 or equivalent). The device fails to properly validate or handle the input, causing a denial-of-service condition that stops the controller and the machine.

Prerequisites

Network access to the SINUMERIK controller
No authentication required

remotely exploitableno authentication requiredlow complexityproduction availability impact

Exploitability

Low exploit probability (EPSS 0.1%)

Affected products (2)

1 with fix1 EOL

ProductAffected VersionsFix Status

SINUMERIK 828D< V4.954.95

SINUMERIK 808DAll versionsNo fix (EOL)

Remediation & Mitigation

0/3

Do now

0/2

SINUMERIK 808D

HARDENINGFor SINUMERIK 808D (no fix available), implement network segmentation to restrict management access to the controller from untrusted networks

WORKAROUNDFor SINUMERIK 808D, restrict network access to the controller port using firewall rules and limit to authorized engineering workstations only

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

SINUMERIK 828D

HOTFIXUpdate SINUMERIK 828D to V4.95 or later

CVEs (1)

CVE-2021-37199

View full Siemens ProductCERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/359e17f1-cb2e-4338-a717-b60fdab30789