Timing Based Side Channel Vulnerability in the OpenSSL RSA Decryption in SIMATIC Products
Monitor | 5.9 | SSA-264814 | Aug 8, 2023
Attack Vector: Network
Auth Required: None
Complexity: High
User Interaction: None needed
Summary
A timing-based side-channel vulnerability exists in OpenSSL RSA decryption (CVE-2023-4304) affecting numerous SIMATIC products. An attacker with network access can measure timing variations in RSA decryption operations to statistically recover private encryption keys used by PLCs, cloud connectors, and engineering software. This compromises the confidentiality of encrypted communications and credentials. Siemens has released patched firmware for most products; however, several product lines (SIMATIC Logon V1.6, PDM V9.1, Process Historian 2019/2020, and certain S7-1500 CPU variants) are end-of-life and will not receive fixes.
What this means
What could happen
An attacker with network access to an affected SIMATIC device could perform cryptographic analysis through timing measurements during RSA decryption operations to extract sensitive encryption keys. This could compromise the confidentiality of encrypted communications or authentication credentials used by the PLC, HMI, or engineering workstation.
Who's at risk
This affects Siemens manufacturing and transportation automation customers using S7-300, S7-1200, S7-1500, ET 200, Drive Controller, Cloud Connect, PLCSIM, PDM, and Process Historian products. Any facility relying on these PLCs for process control—water treatment, power distribution, chemical plants, assembly lines—should assess if they operate affected firmware versions. The risk is highest for installations where PLCs are networked with encrypted communications (OPC UA, secure Profinet, TLS handshakes) or where RSA keys are used for device authentication.
How it could be exploited
An attacker must be able to measure timing differences in RSA decryption responses from the affected device (PLC, cloud connector, or engineering station) across many decryption operations over the network. By analyzing these timing variations, the attacker can statistically infer the private key bits used in RSA decryption without needing valid credentials or triggering alarms.
Prerequisites
- Network connectivity to the affected device (Profinet, Ethernet, or cloud interface)
- Ability to perform multiple RSA decryption requests to the device (typically through secure communication handshakes)
- Sufficient measurement precision to detect nanosecond-level timing variations
- Remotely exploitable over network
- Timing-based side-channel attack requires sustained network access and statistical analysis
- No authentication required (passive observation of timing)
- Low complexity exploit (timing measurement)
- Multiple products with no fix available (end-of-life status)
- Affects cryptographic key material
Exploitability
Low exploit probability (EPSS 0.3%)
Affected products (150)
127 with fix, 23 pending
Product | Affected Versions | Fix Status
SIMATIC Cloud Connect 7 CC712 (6GK1411-1AC00) | < V2.2 | 2.2
SIMATIC Cloud Connect 7 CC716 (6GK1411-5AC00) | < V2.2 | 2.2
SIMATIC Drive Controller CPU 1504D TF | ≥ V3.0.1, < V3.0.3 | 3.0.3
SIMATIC Drive Controller CPU 1504D TF | < V2.9.7 | 2.9.7
SIMATIC Drive Controller CPU 1507D TF | ≥ V3.0.1, < V3.0.3 | 3.0.3
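As an added example (not tooling from Siemens or from this advisory page), the following Python checks an inventory of installed firmware versions against affected-version ranges written in the same notation as the table above ("< V2.2", "≥ V3.0.1, < V3.0.3"). The product subset is transcribed from the rows shown here and the inventory lines are constructed; the two 1504D rows show why a product can carry more than one range, one per firmware branch.

```python
import operator
import re

# Constructed subset of the affected-product table above; range and fix strings
# are transcribed verbatim from the advisory rows, not from an official feed.
AFFECTED = {
    "SIMATIC Cloud Connect 7 CC712": [("< V2.2", "2.2")],
    "SIMATIC Cloud Connect 7 CC716": [("< V2.2", "2.2")],
    "SIMATIC Drive Controller CPU 1504D TF": [("≥ V3.0.1, < V3.0.3", "3.0.3"),
                                              ("< V2.9.7", "2.9.7")],
    "SIMATIC Drive Controller CPU 1507D TF": [("≥ V3.0.1, < V3.0.3", "3.0.3")],
}

_OPS = {"<": operator.lt, "<=": operator.le, ">": operator.gt,
        ">=": operator.ge, "≥": operator.ge, "≤": operator.le}
# One clause = comparison operator, optional "V" prefix, dotted integer version.
_CLAUSE = re.compile(r"(<=|>=|[<>≥≤])\s*V?(\d+(?:\.\d+)*)")


def parse_version(text):
    """'V3.0.1' -> (3, 0, 1); rejects anything that is not a dotted integer string."""
    m = re.fullmatch(r"\s*V?(\d+(?:\.\d+)*)\s*", text)
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))


def _padded(v, w):
    """Right-pad with zeros so (2, 2) and (2, 2, 0) compare as equal."""
    n = max(len(v), len(w))
    return v + (0,) * (n - len(v)), w + (0,) * (n - len(w))


def version_in_range(version, range_text):
    """True only if every comma-separated clause of range_text holds for version."""
    v = parse_version(version)
    clauses = _CLAUSE.findall(range_text)
    if not clauses:
        raise ValueError(f"no version clauses in {range_text!r}")
    return all(_OPS[op](*_padded(v, parse_version(bound))) for op, bound in clauses)


def required_fix(product, version):
    """Fix version the installed firmware must reach, or None if no listed range matches."""
    for range_text, fix in AFFECTED.get(product, []):
        if version_in_range(version, range_text):
            return fix
    return None


def audit(inventory):
    """inventory: iterable of (product, installed version) -> [(product, version, fix)]."""
    findings = []
    for product, version in inventory:
        fix = required_fix(product, version)
        if fix:
            findings.append((product, version, fix))
    return findings
```

A version that falls in a gap between listed ranges (for example V3.0.0 on the 1504D, which neither row covers) is reported as not affected, so the table itself, not this script, should be the authority in doubtful cases.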
Remediation & Mitigation
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
SIMATIC Process Historian 2022 OPC UA Server
HOTFIX: Update SIMATIC Process Historian 2022 OPC UA Server to version 2022 SP1 or later
SIMATIC S7-PLCSIM Advanced
HOTFIX: Update SIMATIC S7-PLCSIM Advanced to version 6.0 or later
All products
HOTFIX: Update SIMATIC Cloud Connect 7 CC712/CC716 to version 2.2 or later
HOTFIX: Update SIMATIC Drive Controller CPUs (1504D, 1507D) to version 3.0.3 or 2.9.7 (depending on current version)
HOTFIX: Update SIMATIC ET 200 series CPUs to version 3.2.19 or later
HOTFIX: Update SIMATIC S7-1200 CPUs to version 4.7 or later
HOTFIX: Update SIMATIC S7-1500 CPUs to version 3.0.3, 2.9.7, or 21.9.7/30.1.0 (depending on product line and current version)
HOTFIX: Update SIMATIC S7-300 CPUs to version 3.3.19 or 3.2.19 (depending on model)
HOTFIX: Update SIMATIC PDM to version 9.2 SP2 Upd1 or later
HOTFIX: Update SIMATIC S7-1500 Software Controller to version 21.9.7 or 30.1.0 (depending on variant)
Long-term hardening
SIMATIC Logon V1.6
HARDENING: For SIMATIC Logon V1.6, SIMATIC PDM V9.1, SIMATIC Process Historian 2019/2020 OPC UA Server, and S7-1500 CPUs with 'All versions / No fix available' status, implement network segmentation to restrict access to these devices to trusted engineering workstations and prohibit external network connectivity
All products
HARDENING: Restrict network access to affected SIMATIC devices to authorized engineering workstations and block unnecessary inter-device communication where possible
CVEs (1)