Denial of Service Vulnerability in SINUMERIK ONE and SINUMERIK MC
Plan Patch · 7.5 · SSA-280603 · Dec 12, 2023
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
A use-after-free vulnerability (CWE-416) exists in the integrated S7-1500 CPU of SINUMERIK ONE and SINUMERIK MC that allows remote denial of service. An attacker with network access to port 102/tcp can send a crafted packet to crash the controller, stopping CNC operations. SINUMERIK MC versions before 1.24 and SINUMERIK ONE versions before 6.24 are affected.
What this means
What could happen
An attacker with network access to port 102 could cause a SINUMERIK CNC system to stop responding, halting machining operations and production output until the device is manually restarted.
Who's at risk
CNC machine tool operators and manufacturing facilities using SINUMERIK ONE or SINUMERIK MC controllers should be concerned. Any production facility relying on these systems for continuous machining will experience process interruption if this vulnerability is exploited.
How it could be exploited
An attacker sends a malicious network packet to port 102/tcp (the S7 communication port) on the SINUMERIK ONE or MC controller. The use-after-free flaw causes the CPU to crash or enter an unresponsive state. No authentication is required.
Prerequisites
- Network access to port 102/tcp on the affected SINUMERIK ONE or MC device
- No credentials or authentication required
remotely exploitable · no authentication required · low complexity · affects production systems · port 102 widely used in industrial networks
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (2)
2 with fix
| Product | Affected Versions | Fix Status |
|---|---|---|
| SINUMERIK MC | < V1.24 | 1.24 |
| SINUMERIK ONE | < V6.24 | 6.24 |
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to port 102/tcp using firewall rules; only allow connections from authorized engineering workstations and plant network segments
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
SINUMERIK MC
HOTFIX: Update SINUMERIK MC to version 1.24 or later
SINUMERIK ONE
HOTFIX: Update SINUMERIK ONE to version 6.24 or later
Long-term hardening
HARDENING: Isolate SINUMERIK controllers on a separate control network segment with restricted layer 3 connectivity from corporate IT and untrusted networks
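One way to check that the port 102/tcp restriction described under "Do now" is actually in effect, as an added example (not part of the advisory or of any Siemens tooling): a Python audit over firewall flow records that flags allowed S7 connections to a controller from unauthorized sources. The controller addresses, authorized sources and log format are assumptions, and the sample records are constructed.

```python
import ipaddress

# Assumed values for illustration (not from the advisory): controller
# addresses and the sources authorized to reach 102/tcp.
CONTROLLERS = {ipaddress.ip_address("10.10.50.10"),
               ipaddress.ip_address("10.10.50.11")}
AUTHORIZED = [ipaddress.ip_network("10.10.20.5/32"),  # engineering workstation
              ipaddress.ip_network("10.10.30.0/24")]  # plant network segment
S7_PORT = 102

# Constructed sample flow records: "timestamp src dst proto dport action"
SAMPLE_FLOWS = """\
2023-12-12T08:00:01Z 10.10.20.5 10.10.50.10 tcp 102 allow
2023-12-12T08:00:07Z 10.10.30.44 10.10.50.11 tcp 102 allow
2023-12-12T08:01:15Z 192.168.7.23 10.10.50.10 tcp 102 allow
2023-12-12T08:01:16Z 192.168.7.23 10.10.50.10 tcp 102 deny
2023-12-12T08:02:00Z 192.168.7.23 10.10.50.10 tcp 443 allow
2023-12-12T08:02:30Z 172.16.0.9 10.10.50.11 udp 102 allow
malformed line
"""

def audit_s7_flows(text):
    """Return (violations, skipped): allowed 102/tcp flows to a controller
    from a source outside AUTHORIZED, plus the count of unparseable lines."""
    violations, skipped = [], 0
    for line in text.splitlines():
        try:
            ts, src, dst, proto, dport, action = line.split()
            src = ipaddress.ip_address(src)
            dst = ipaddress.ip_address(dst)
            dport = int(dport)
        except ValueError:  # wrong field count, bad address or bad port
            skipped += 1
            continue
        if dst not in CONTROLLERS or proto != "tcp" or dport != S7_PORT:
            continue  # not S7 traffic to a controller
        if action == "allow" and not any(src in net for net in AUTHORIZED):
            violations.append((ts, str(src), str(dst)))
    return violations, skipped

if __name__ == "__main__":
    found, skipped = audit_s7_flows(SAMPLE_FLOWS)
    for ts, src, dst in found:
        print(f"{ts} unauthorized source {src} reached {dst}:102/tcp")
    print(f"{skipped} line(s) skipped as unparseable")
```

Any violation means the firewall rule set still passes 102/tcp from outside the authorized list; skipped lines should be reviewed rather than ignored, since an unparsed record could hide such a flow.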
CVEs (1)