Multiple Vulnerabilities in Nucleus RTOS based SIMOTICS CONNECT 400
Status: Plan Patch · CVSS: 8.2 · Advisory ID: SSA-223353 · Date: Mar 8, 2022
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
Multiple vulnerabilities in the Nucleus RTOS kernel affect SIMOTICS CONNECT 400 motor controllers. These flaws include improper type casting (CWE-843), unsafe external data input processing (CWE-1284), integer underflow (CWE-191), and missing validation (CWE-240). An attacker can trigger a denial-of-service condition or potentially execute code on the device by sending crafted network packets. Siemens has released firmware updates to address these issues.
What this means
What could happen
An attacker with network access to a SIMOTICS CONNECT 400 could execute code or cause the device to stop responding, disrupting motor control operations in your facility without needing any credentials or user interaction.
Who's at risk
Plant operators and engineers managing motor drives and variable frequency drives (VFDs) that use SIMOTICS CONNECT 400 controllers. This affects any facility using Siemens motor control systems with Nucleus RTOS-based firmware, including wastewater treatment plants, water pumping stations, and power generation facilities with motor-driven equipment.
How it could be exploited
An attacker sends a specially crafted network packet to the SIMOTICS CONNECT 400 device. The Nucleus RTOS kernel processes this packet without proper validation due to flaws in memory management (CWE-191, CWE-843), allowing the attacker to trigger a crash (denial of service) or potentially execute arbitrary code on the device. This occurs during the normal network communication flow that the device uses for motor control commands.
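The advisory names integer underflow (CWE-191) and unsafe handling of external input (CWE-1284) in packet processing without describing the exact code path. The following is an added illustration of that bug class, constructed for this page; it is not Nucleus RTOS or Siemens code, and the packet format (a hypothetical 4-byte header with a 2-byte big-endian total-length field) is invented. It shows how a length field smaller than the header wraps a size_t subtraction into a huge value, and the lower-bound, upper-bound and buffer-capacity checks a hardened parser applies before copying anything.

```c
/* Added illustration of CWE-191 in a length-prefixed packet parser.
 * Hypothetical wire format (NOT the Nucleus RTOS format):
 *   byte 0-1: magic 0xA5 0x5A
 *   byte 2-3: total packet length, big-endian, header included
 *   byte 4..: payload
 */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define HDR_LEN 4

typedef enum { PKT_OK = 0, PKT_TRUNCATED, PKT_BAD_LENGTH, PKT_BAD_MAGIC } pkt_status;

/* Constructed sample packets (not captured traffic). */
static const uint8_t good_pkt[]  = {0xA5, 0x5A, 0x00, 0x07, 'a', 'b', 'c'}; /* total 7, payload 3 */
static const uint8_t short_len[] = {0xA5, 0x5A, 0x00, 0x02, 'x', 'y', 'z'}; /* total 2 < header size */
static const uint8_t lying_len[] = {0xA5, 0x5A, 0x10, 0x00, 'x'};           /* claims 4096 bytes */

static uint16_t read_total_len(const uint8_t *pkt) {
    return (uint16_t)((pkt[2] << 8) | pkt[3]);
}

/* Vulnerable pattern: trusts the wire length and never checks total >= HDR_LEN.
 * When total < HDR_LEN the unsigned subtraction wraps (CWE-191); a memcpy that used
 * this value would read far past the packet. Only the arithmetic is shown here. */
size_t payload_len_unchecked(const uint8_t *pkt, size_t pkt_len) {
    if (pkt_len < HDR_LEN) return 0;
    return (size_t)read_total_len(pkt) - HDR_LEN; /* wraps to SIZE_MAX-1 for total == 2 */
}

/* Hardened parser: validates the external length field against the header size,
 * the bytes actually received, and the destination capacity before copying. */
pkt_status parse_packet(const uint8_t *pkt, size_t pkt_len,
                        uint8_t *out, size_t out_cap, size_t *out_len) {
    if (pkt_len < HDR_LEN) return PKT_TRUNCATED;           /* not even a full header */
    if (pkt[0] != 0xA5 || pkt[1] != 0x5A) return PKT_BAD_MAGIC;
    uint16_t total = read_total_len(pkt);
    if (total < HDR_LEN) return PKT_BAD_LENGTH;            /* blocks the underflow */
    if (total > pkt_len) return PKT_TRUNCATED;             /* claims more than received */
    size_t plen = (size_t)total - HDR_LEN;                 /* now provably >= 0 */
    if (plen > out_cap) return PKT_BAD_LENGTH;             /* would overflow destination */
    memcpy(out, pkt + HDR_LEN, plen);
    *out_len = plen;
    return PKT_OK;
}

/* Convenience wrappers so results can be checked without caller-side buffers. */
pkt_status classify(const uint8_t *pkt, size_t pkt_len) {
    uint8_t buf[64];
    size_t n = 0;
    return parse_packet(pkt, pkt_len, buf, sizeof buf, &n);
}

size_t parsed_len(const uint8_t *pkt, size_t pkt_len) {
    uint8_t buf[64];
    size_t n = 0;
    return parse_packet(pkt, pkt_len, buf, sizeof buf, &n) == PKT_OK ? n : 0;
}

int main(void) {
    printf("unchecked length for short_len: %zu (wrapped)\n",
           payload_len_unchecked(short_len, sizeof short_len));
    printf("good_pkt  -> status %d, payload %zu bytes\n",
           classify(good_pkt, sizeof good_pkt), parsed_len(good_pkt, sizeof good_pkt));
    printf("short_len -> status %d\n", classify(short_len, sizeof short_len));
    printf("lying_len -> status %d\n", classify(lying_len, sizeof lying_len));
    return 0;
}
```

The two checks that matter for the CWE-191 case are the lower bound (`total < HDR_LEN`) and the comparison against bytes actually received; a parser that only checks the upper bound still wraps on a short length field. The same pattern applies to any protocol handler that derives a copy length from a field it did not generate.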
Prerequisites
- Network access to the SIMOTICS CONNECT 400 device (port/protocol not specified in advisory; assume standard Siemens industrial network access)
- No credentials required
- No special configuration required: the vulnerability exists in the default state
- Remotely exploitable over the network
- No authentication required
- Low attack complexity
- Affects motor control: disruption could halt pumping or critical process operations
- High CVSS score (8.2) with high availability impact
Exploitability
Moderate exploit probability (EPSS 2.5%)
Affected products (2), 2 with fix
Product              | Affected Versions | Fix Status
SIMOTICS CONNECT 400 | < V0.5.0.0        | Fixed in V0.5.0.0
SIMOTICS CONNECT 400 | < V1.0.0.0        | Fixed in V1.0.0.0
Remediation & Mitigation
Do now
SIMOTICS CONNECT 400
Workaround: Restrict network access to SIMOTICS CONNECT 400 devices using firewall rules; allow only trusted engineering and control workstations to communicate with these devices.
Schedule (requires maintenance window)
Patching may require a device reboot; plan for process interruption.
SIMOTICS CONNECT 400
Hotfix: Update SIMOTICS CONNECT 400 firmware to version 0.5.0.0 or later (for devices running versions before 0.5.0.0).
Hotfix: Update SIMOTICS CONNECT 400 firmware to version 1.0.0.0 or later (for devices running versions before 1.0.0.0).
Long-term hardening
SIMOTICS CONNECT 400
Hardening: Isolate SIMOTICS CONNECT 400 devices on a dedicated motor control network segment, separate from general IT networks and the internet.