Multiple Vulnerabilities in SIMATIC CN 4100 before V3.0
Priority: Act Now
Score: 10
Advisory: SSA-273900
Published: May 14, 2024
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
SIMATIC CN 4100 versions before V3.0 contain hardcoded root credentials that allow unauthenticated network access and remote command execution. The device also has an unrestricted USB port that can be exploited to boot malicious firmware or bypass authentication controls, potentially providing persistent access to the device or connected industrial systems.
What this means
What could happen
An attacker with network access or physical access to the device could exploit hardcoded credentials to gain root-level control of the SIMATIC CN 4100, potentially allowing them to alter network configurations, compromise connected control systems, or maintain persistent access. The unrestricted USB port could allow an attacker to boot malicious firmware or bypass security controls.
Who's at risk
SIMATIC CN 4100 devices deployed in any water, electric utility, or manufacturing facility using Siemens automation platforms. This includes remote monitoring stations, gateway nodes, and industrial edge computing systems that aggregate data from multiple control devices.
How it could be exploited
An attacker could connect to the device over the network (HTTP/SSH) and use publicly known or easily discovered hardcoded root credentials to log in and execute commands. Alternatively, an attacker with physical access could connect a USB device to the unrestricted USB port and boot a custom operating system or firmware that bypasses authentication entirely.
Prerequisites
- Network connectivity to the device (port 22 for SSH or port 80/443 for HTTP)
- Knowledge of hardcoded credentials (root username and password)
- For USB exploit: physical access to the device and ability to connect a bootable USB drive
Tags:
- Remotely exploitable
- No authentication required (hardcoded credentials)
- Low complexity attack
- Default credentials
- Physical attack vector (unrestricted USB)
Exploitability
Low exploit probability (EPSS 0.9%)
Affected products (1)
Product: SIMATIC CN 4100
Affected Versions: < V3.0
Fix Status: 3.0
Remediation & Mitigation
Do now
- HARDENING: Restrict network access to the SIMATIC CN 4100 using firewall rules; allow only engineering workstations and authorized administrative hosts
- HARDENING: Physically secure or disable the USB port to prevent unauthorized boot or firmware modification
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HOTFIX: Update SIMATIC CN 4100 to firmware version V3.0 or later
Long-term hardening
- HARDENING: Implement strong network segmentation to isolate the CN 4100 from general IT networks and untrusted traffic
API:
/api/v1/advisories/f19b27f8-0922-45f8-ab9f-138197c7ad14