OTPulse
FeedAboutContact

Multiple Vulnerabilities in Third-Party Component libcurl of TIM Devices

Plan Patch7.5SSA-200951Jun 8, 2021
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary

SIMATIC TIM 1531 IRC devices contain multiple vulnerabilities in the third-party libcurl library (CWE-200 Information Exposure, CWE-295 Improper Certificate Validation). These issues could allow an attacker to extract sensitive information from device communications or bypass certificate validation to present a revoked certificate as valid. The CVSS v3.1 score is 7.5 (High) with network-based attack vector, low attack complexity, and no privileges or user interaction required. Siemens has released firmware version 2.2 with fixes for these vulnerabilities.

What this means
What could happen
An attacker with network access could extract sensitive information from the TIM device's communications or bypass certificate validation to impersonate trusted servers, potentially allowing them to intercept and modify data flowing through the device.
Who's at risk
This vulnerability affects operators of Siemens SIMATIC TIM 1531 IRC industrial routers (including SIPLUS NET hardened variants) used in manufacturing, utilities, and process automation environments where these devices manage network connections and data routing for control systems.
How it could be exploited
An attacker could send specially crafted HTTPS requests to the TIM device to exploit the libcurl vulnerability, either extracting sensitive data from memory/responses or presenting a revoked certificate that the device would incorrectly trust. No authentication is required.
Prerequisites
  • Network access to the TIM device on port 443 or the port it uses for HTTPS communications
  • The TIM device must be configured to use the affected libcurl library for outbound or inbound HTTPS connections
remotely exploitableno authentication requiredlow complexityaffects data confidentialitycertificate validation bypass
Exploitability
Low exploit probability (EPSS 0.4%)
Affected products (1)
ProductAffected VersionsFix Status
SIMATIC TIM 1531 IRC (incl. SIPLUS NET variants)< V2.22.2
Remediation & Mitigation
0/1
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate SIMATIC TIM 1531 IRC to firmware version 2.2 or later
View full Siemens ProductCERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/b3217236-a70d-4c76-b941-7b5f0fa5c85f
Multiple Vulnerabilities in Third-Party Component libcurl of TIM Devices | CVSS 7.5 - OTPulse