OTPulse

SSA-179516 OpenSSL Vulnerability in Industrial Products

Act Now | 5.9 | SSA-179516 | Aug 7, 2018
Attack Vector: Network
Auth Required: None
Complexity: High
User Interaction: None needed
Summary

Several Siemens industrial products contain a vulnerability in OpenSSL that could cause encrypted data to be sent in plaintext by the SSL/TLS record layer. The affected products include SIMATIC S7 CPUs (1200 and 1500 families), MindConnect IoT2040 and Nano gateways, STEP 7 and WinCC engineering software, WinCC OA supervisory systems, SIMATIC IPC diagnostic tools, ET 200SP Open Controllers, and SINUMERIK Integrate clients. An attacker on the network could intercept and read communications that should be encrypted, potentially exposing engineering credentials, process setpoints, and remote access commands. Siemens has released firmware and software updates for all affected products.

What this means
What could happen
An OpenSSL vulnerability could cause encrypted data (SSL/TLS) to be transmitted in plaintext over the network, exposing sensitive communications like engineering credentials, process data, and control commands to eavesdropping on the local network or internet if the affected device is internet-facing.
Who's at risk
Manufacturing facilities using Siemens industrial automation equipment should prioritize this advisory. Specifically affected are: operators and engineers using SIMATIC S7 PLCs (1200/1500 family), ET 200 smart I/O modules, MindConnect IoT gateways, STEP 7 programming software, WinCC HMI/SCADA software, WinCC OA supervisory systems, and SINUMERIK machine control systems. Any facility where these devices communicate over remote connections (engineering access, cloud services, or inter-system communication) is at risk of credential and process data exposure.
How it could be exploited
An attacker positioned on the network path between the affected Siemens device and a remote client (such as an engineering workstation or supervisory system) could intercept network traffic and read plaintext SSL/TLS records that should be encrypted. This requires network access to the device's communication port but no prior authentication or interaction with the device itself.
Prerequisites
  • Network access to the affected device on its SSL/TLS communication port (typically 443 or manufacturer-specific)
  • Ability to observe or intercept traffic between the device and remote clients
  • No credentials required; vulnerability exists in the SSL/TLS implementation itself
  • Remotely exploitable
  • High EPSS score (58%)
  • Affects confidentiality of encrypted communications
  • No authentication required to intercept traffic
  • Impacts multiple critical industrial product families
Exploitability
High exploit probability (EPSS 58.0%)
Affected products (20)
19 with fix, 1 pending
Product | Affected Versions | Fix Status
MindConnect IoT2040 | < V03.01 | 03.01
MindConnect Nano (IPC227D) | < V03.01 | 03.01
SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) | ≥ V2.0 < V2.1.6 | 2.1.6
SIMATIC HMI WinCC Flexible | < V15.1 | 15.1
SIMATIC IPC DiagBase | < V2.1.1.0 | 2.1.1.0
Remediation & Mitigation
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

MindConnect IoT2040
HOTFIX: Update MindConnect IoT2040 to firmware version 03.01 or later
MindConnect Nano (IPC227D)
HOTFIX: Update MindConnect Nano (IPC227D) to firmware version 03.01 or later
SIMATIC HMI WinCC Flexible
HOTFIX: Update SIMATIC HMI WinCC Flexible to version 15.1 or later
SIMATIC IPC DiagBase
HOTFIX: Update SIMATIC IPC DiagBase to version 2.1.1.0 or later
SIMATIC IPC DiagMonitor
HOTFIX: Update SIMATIC IPC DiagMonitor to version 5.0.3 or later
SIMATIC S7-1500 Software Controller
HOTFIX: Update SIMATIC S7-1500 Software Controller to version 2.6 or later
SIMATIC STEP 7 (TIA Portal) V13
HOTFIX: Update SIMATIC STEP 7 (TIA Portal) V13 to version 13 SP2 Update 2 or later
HOTFIX: Update SIMATIC STEP 7 (TIA Portal) V14 to version 14 SP1 Update 6 or later
HOTFIX: Update SIMATIC STEP 7 (TIA Portal) V15 to version 15 Update 2 or later
HOTFIX: Update SIMATIC WinCC (TIA Portal) V13 to version 13 SP2 Update 2 or later
HOTFIX: Update SIMATIC WinCC (TIA Portal) V14 to version 14 SP1 Update 6 or later
HOTFIX: Update SIMATIC WinCC (TIA Portal) V15 to version 15 Update 2 or later
SIMATIC WinCC OA V3.14
HOTFIX: Update SIMATIC WinCC OA V3.14 to patch version 3.14 P021 or later
SIMATIC WinCC OA V3.15
HOTFIX: Update SIMATIC WinCC OA V3.15 to patch version 3.15 P014 or later
SIMATIC WinCC OA V3.16
HOTFIX: Update SIMATIC WinCC OA V3.16 to patch version 3.16 P002 or later
All products
HOTFIX: Update SIMATIC ET 200SP Open Controller CPU 1515SP PC to version 2.1.6 or later
HOTFIX: Update SIMATIC S7-1200 CPU family to firmware version 4.2.3 or later
HOTFIX: Update SIMATIC S7-1500 CPU family to firmware version 2.5.2 or later
HOTFIX: Update SINUMERIK Integrate Access MyMachine service engineer client to version 4.1.8 or later
HOTFIX: Update SINUMERIK Integrate Operate Client to version 2.0.12 or 3.0.12 or later
Long-term hardening
HARDENING: Isolate affected devices on a protected network segment with access controls and monitor outbound encrypted connections to ensure SSL/TLS is functioning as expected
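
One way to implement the monitoring step above, as an added example (not code from Siemens or from this advisory): a heuristic that walks the TLS records in a reassembled capture and flags application-data records whose payload reads as text. It assumes the unencrypted data still travels inside TLS record framing; the function names, the sample stream and the 0.9 threshold are constructed for illustration.

```python
import hashlib
import struct

APPLICATION_DATA = 23  # TLS record content type that carries protected payload

def record(ctype: int, payload: bytes) -> bytes:
    """Build one TLS 1.2-style record (used only for the constructed sample)."""
    return struct.pack("!BBBH", ctype, 3, 3, len(payload)) + payload

def iter_records(stream: bytes):
    """Yield (content_type, payload) for each complete TLS record in stream."""
    offset = 0
    while offset + 5 <= len(stream):
        ctype, major, _minor, length = struct.unpack_from("!BBBH", stream, offset)
        if major != 3 or not 20 <= ctype <= 24:
            raise ValueError(f"no TLS record header at offset {offset}")
        payload = stream[offset + 5 : offset + 5 + length]
        if len(payload) < length:
            return  # capture ends mid-record
        yield ctype, payload
        offset += 5 + length

def printable_ratio(data: bytes) -> float:
    """Fraction of bytes that are printable ASCII, tab, CR or LF."""
    return sum(32 <= b < 127 or b in (9, 10, 13) for b in data) / len(data)

def suspicious_records(stream: bytes, min_len: int = 32, threshold: float = 0.9):
    """Return (record_index, ratio) for application-data records that read as text.

    Ciphertext is close to uniform, so roughly 38% of its bytes are printable;
    a record far above that is unlikely to have been encrypted.
    """
    findings = []
    for index, (ctype, payload) in enumerate(iter_records(stream)):
        if ctype == APPLICATION_DATA and len(payload) >= min_len:
            ratio = printable_ratio(payload)
            if ratio > threshold:
                findings.append((index, round(ratio, 2)))
    return findings

# Constructed sample: handshake, ChangeCipherSpec, one ciphertext-like record
# (SHA-256 output standing in for encrypted bytes) and one plaintext record.
CIPHERLIKE = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(4))
SAMPLE = (record(22, b"\x01\x00\x00\x00") + record(20, b"\x01")
          + record(APPLICATION_DATA, CIPHERLIKE)
          + record(APPLICATION_DATA, b"setpoint=42.5;user=engineer;mode=remote-write\r\n"))

if __name__ == "__main__":
    print(suspicious_records(SAMPLE))
```

Short records are skipped because the ratio is unreliable on a handful of bytes; a hit is a prompt to inspect the session, not proof of the flaw.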