OTPulse

Out-of-Bounds Write Vulnerabilities in SITOP UPS1600 before V2.5.4

Monitor | 5.6 | SSA-238730 | Jun 11, 2024
Attack Vector: Network
Auth Required: None
Complexity: High
User Interaction: None needed
Summary

Multiple out-of-bounds write vulnerabilities in third-party components affect SITOP UPS1600 devices with Ethernet or PROFINET connectivity. These vulnerabilities (CWE-787) allow network-based attackers to write data outside intended memory boundaries, potentially causing limited impact including data corruption or brief service interruption. The affected models include SITOP UPS1600 10A, 20A, 40A, and 40A EX units running firmware versions before V2.5.4.

What this means
What could happen
An attacker could exploit out-of-bounds write vulnerabilities to achieve limited code execution or data corruption on the UPS, potentially disrupting power supply monitoring or causing brief power delivery interruptions to connected systems.
Who's at risk
Water and electric utilities operating uninterruptible power supplies (UPS) for critical infrastructure monitoring and control. Organizations using SITOP UPS1600 series devices (10A, 20A, 40A, or 40A EX) with Ethernet or PROFINET connectivity to back up power for PLCs, SCADA systems, or field devices should apply this patch.
How it could be exploited
An attacker with network access to the UPS device (via Ethernet or PROFINET) could send specially crafted packets targeting the out-of-bounds write flaw in the third-party component, allowing them to write data outside intended memory boundaries and potentially execute arbitrary code with the privileges of the UPS service.
Prerequisites
  • Network access to SITOP UPS1600 on port(s) used by Ethernet/PROFINET communication (typically port 161/162 for SNMP or 1234 for PROFINET)
  • Device must be running firmware version before V2.5.4
  • Remotely exploitable
  • No authentication required
  • Affects power supply systems critical to continuous operation
  • Low EPSS score (0.4%) suggests limited practical exploitation likelihood
Exploitability
Low exploit probability (EPSS 0.4%)
Affected products (4)
4 with fix
Product | Affected Versions | Fix Status
SITOP UPS1600 10 A Ethernet/ PROFINET | <V2.5.4 | 2.5.4
SITOP UPS1600 20 A Ethernet/ PROFINET | <V2.5.4 | 2.5.4
SITOP UPS1600 40 A Ethernet/ PROFINET | <V2.5.4 | 2.5.4
SITOP UPS1600 EX 20 A Ethernet PROFINET | <V2.5.4 | 2.5.4
Remediation & Mitigation
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update SITOP UPS1600 firmware to version 2.5.4 or later
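To plan the maintenance window, an asset inventory can be triaged against the affected-product table and the 2.5.4 fix version. The script below is an added example, not part of the advisory or any vendor tooling. The inventory layout, asset names and firmware strings are constructed assumptions.

```python
import re

FIXED = (2, 5, 4)  # fix version stated in the advisory

# Networked SITOP UPS1600 variants from the affected-products table.
AFFECTED = re.compile(
    r"SITOP\s*UPS1600\s*(EX\s*)?(10|20|40)\s*A\b.*(ETHERNET|PROFINET)", re.I)

def parse_version(text):
    """Parse 'V2.5.3', '2.5', 'v2.5.4.1' into a tuple of ints; None if unparseable."""
    m = re.fullmatch(r"\s*[Vv]?(\d+(?:\.\d+)*)\s*", text or "")
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (3 - len(parts)))  # pad '2.5' to (2, 5, 0)

def triage(inventory):
    """Map asset name to 'affected', 'fixed', 'unknown' or 'not-listed'."""
    result = {}
    for name, model, firmware in inventory:
        if not AFFECTED.search(model):
            result[name] = "not-listed"
            continue
        version = parse_version(firmware)
        if version is None:
            result[name] = "unknown"  # verify on the device before ruling it out
        elif version < FIXED:         # numeric compare, so 2.10.0 is newer than 2.5.4
            result[name] = "affected"
        else:
            result[name] = "fixed"
    return result

# Constructed sample inventory (names and firmware strings are made up).
SAMPLE = [
    ("ups-pump-01", "SITOP UPS1600 10 A Ethernet/ PROFINET", "V2.5.3"),
    ("ups-pump-02", "SITOP UPS1600 20 A Ethernet/ PROFINET", "2.5.4"),
    ("ups-sub-07", "SITOP UPS1600 40 A Ethernet/ PROFINET", "v2.5"),
    ("ups-sub-08", "SITOP UPS1600 EX 20 A Ethernet PROFINET", ""),
    ("ups-lab-01", "SITOP UPS1600 40 A Ethernet/ PROFINET", "V2.10.0"),
    ("ups-lab-02", "Generic UPS (other vendor)", "V1.0.0"),
]

if __name__ == "__main__":
    for name, status in triage(SAMPLE).items():
        print(f"{name}: {status}")
```

Assets reported as "unknown" have no readable firmware string and should be checked on the device before they are excluded from the update.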
API: /api/v1/advisories/15ee510f-0bff-4e6c-9f60-a8520817ae5b