OTPulse

IPU 2021.1 Vulnerabilities in Siemens Industrial Products using Intel CPUs (June 2021)

Monitor · CVSS 7.5 · SSA-309571 · Aug 10, 2021
Attack Vector: Local
Auth Required: High
Complexity: High
User Interaction: None needed
Summary

Intel published information on vulnerabilities in Intel products in June 2021. This advisory lists the related Siemens Industrial products affected by these vulnerabilities. The affected products include SIMATIC IPCs (industrial computers), SINUMERIK CNC controllers, SIMATIC S7-1500 CPUs, field programmable units, and handheld terminals used in manufacturing automation. Many of these products contain Intel CPUs or firmware components (BIOS, CSME, SPS, LMS) susceptible to the 2021.1 IPU vulnerabilities. Siemens has released BIOS updates for some products; others have no fix available.

What this means
What could happen
An attacker with local access to a vulnerable Siemens industrial computer or controller could bypass security boundaries and gain high-privilege execution, potentially altering production parameters, disabling safety functions, or disrupting manufacturing operations. This affects programmable logic controllers, CNC machine controllers, and field engineering workstations used to manage critical manufacturing processes.
Who's at risk
Manufacturing facilities using Siemens SIMATIC industrial computers (IPC models 127E through 847E series), SIMATIC field programmable units (PG M5/M6), SIMATIC S7-1500 programmable logic controllers (CPUs 1518-4, 1518F-4, 1504D, 1507D, 1515SP), handheld terminals (HT 10), and SINUMERIK CNC machine controllers (828D, MC MCU 1720, NCU 1740, PPU 1740). These are core devices in manufacturing automation, used for machine control, process monitoring, and engineering access.
How it could be exploited
An attacker with physical or local network access to a vulnerable Siemens IPC or SINUMERIK controller could exploit Intel CPU or firmware vulnerabilities to escalate privileges and break security isolation boundaries. From there, they could modify process setpoints, disable safety interlocks, or halt production. The attack requires high privilege (user with administrator or engineering access) but could occur during maintenance windows or from a compromised engineering workstation on the plant network.
Prerequisites
  • Local or privileged network access to the affected Siemens IPC, PG, or SINUMERIK controller
  • Administrator or engineering workstation credentials to interact with the device
  • Physical access or remote access via engineering network (not exposed to Internet)
  • No authentication required (Intel CPU/firmware vulnerability)
  • Low complexity exploitation (Intel firmware flaw)
  • High privileges needed to trigger (limits exposure)
  • Affects production control systems (S7-1500 PLC, CNC controllers)
  • Many products have no patch available
Exploitability
Low exploit probability (EPSS 0.3%)
Affected products (25)
25 pending
Product | Affected Versions | Fix Status
SIMATIC Field PG M6 | <V26.01.08 | No fix yet
SIMATIC IPC3000 SMART V3 | <V01.04.00 | No fix yet
SIMATIC IPC347G | <V01.04.00 | No fix yet
SIMATIC IPC427E | <V21.01.16 | No fix yet
SIMATIC IPC477E | <V21.01.16 | No fix yet
Remediation & Mitigation
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

SIMATIC IPC627E
HOTFIX: Update SIMATIC IPC627E, IPC647E, IPC677E, and IPC847E BIOS to version V25.02.10 or later
SIMATIC Field PG M6
HOTFIX: Update SIMATIC Field PG M6 BIOS to version V26.01.08 or later
SIMATIC IPC3000 SMART V3
HOTFIX: Update SIMATIC IPC3000 SMART V3, IPC347G BIOS to version V01.04.00 or later
SIMATIC IPC427E
HOTFIX: Update SIMATIC IPC427E, IPC477E, IPC477E Pro BIOS to version V21.01.16 or later
SIMATIC IPC527G
HOTFIX: Update SIMATIC IPC527G BIOS to version V1.4.3 or later
SIMATIC ITP1000
HOTFIX: Update SIMATIC ITP1000 BIOS to version V23.01.10 or later
SIMATIC Field PG M5
HOTFIX: Update SIMATIC Field PG M5 BIOS to version V22.01.10 or later
SIMATIC IPC127E
HOTFIX: Update SIMATIC IPC127E BIOS to version V27.01.07 or later
SINUMERIK 828D HW PU.4
HOTFIX: Update SINUMERIK 828D HW PU.4 firmware to version V08.00.00.00 or later
SINUMERIK MC MCU 1720
HOTFIX: Update SINUMERIK MC MCU 1720 firmware to version V05.00.00.00 or later
SINUMERIK ONE / SINUMERIK 840D sl Handheld Terminal HT 10
HOTFIX: Update SINUMERIK ONE / SINUMERIK 840D sl Handheld Terminal HT 10 to version V08.00.00.00 or later
SINUMERIK ONE NCU 1740
HOTFIX: Update SINUMERIK ONE NCU 1740 firmware to version V05.00.00.00 or later
SINUMERIK ONE PPU 1740
HOTFIX: Update SINUMERIK ONE PPU 1740 firmware to version V06.00.00.00 or later
All products
HOTFIX: Update SIMATIC ET 200SP Open Controller CPU 1515SP PC2 to version V0209_0105 or later
HOTFIX: Apply Intel BIOS microcode updates independently from Siemens vendor patches where available for hardware not on Siemens EOL products
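
To turn the "version X or later" entries above into an inventory check, the following added example (not OTPulse or Siemens code) triages assets against a subset of the fixed versions listed on this page. The host names, inventory rows and function names are constructed, and it assumes dotted version strings order numerically component by component; anything it cannot compare safely is sent to manual review.

```python
import re

# Minimum fixed versions copied from the remediation list on this page (subset).
FIXED = {
    "SIMATIC IPC627E": "V25.02.10",
    "SIMATIC Field PG M6": "V26.01.08",
    "SIMATIC IPC427E": "V21.01.16",
    "SIMATIC IPC527G": "V1.4.3",
    "SINUMERIK 828D HW PU.4": "V08.00.00.00",
    "SIMATIC ET 200SP Open Controller CPU 1515SP PC2": "V0209_0105",
}

def parse_version(text):
    """Return a tuple of ints for dotted 'Vx.y.z' strings, None for any other format."""
    m = re.fullmatch(r"[Vv](\d+(?:\.\d+)+)", text.strip())
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def triage(product, installed):
    """Classify one asset as 'patched', 'vulnerable' or 'review'."""
    fixed = FIXED.get(product)
    if fixed is None:
        return "review"  # not in the fix list; the product may have no fix at all
    want, have = parse_version(fixed), parse_version(installed)
    if want is None or have is None or len(want) != len(have):
        return "review"  # e.g. 'V0209_0105': its ordering is not defined on the page
    # Assumption: components compare numerically, so V1.10.0 is newer than V1.4.3
    # (a plain string comparison would get that case wrong).
    return "patched" if have >= want else "vulnerable"

# Constructed inventory rows: (host, product, installed BIOS/firmware version).
INVENTORY = [
    ("ipc-line1", "SIMATIC IPC627E", "V25.02.09"),
    ("ipc-qa", "SIMATIC IPC527G", "V1.10.0"),
    ("cnc-03", "SINUMERIK 828D HW PU.4", "V08.00.00.00"),
    ("oc-07", "SIMATIC ET 200SP Open Controller CPU 1515SP PC2", "V0209_0104"),
    ("ipc-old", "SIMATIC IPC547G", "V1.0.0"),
]

def report(inventory):
    """Map each host to its triage status."""
    return {host: triage(product, ver) for host, product, ver in inventory}

if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host}: {status}")
```
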
Long-term hardening
SIMATIC IPC547G
HARDENING: For products with no fix available (SIMATIC IPC547G, S7-1500 CPU 1518-4/1518F-4/1504D/1507D), restrict local and remote access to engineering workstations; isolate devices on a dedicated engineering network with firewall rules limiting access to necessary management protocols only