Multiple Vulnerabilities in SIMATIC CN 4100 before V2.5
Act Now · 9.9 · SSA-313488 · Jul 11, 2023
Attack Vector: Network
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary
SIMATIC CN 4100 contains improper access control and insecure default configurations that could allow privilege escalation and bypass of network isolation controls.
What this means
What could happen
An attacker with valid credentials could escalate privileges on the CN 4100 and bypass network segmentation controls, potentially gaining access to isolated control network segments that should be restricted.
Who's at risk
Water authorities and electric utilities using SIMATIC CN 4100 industrial networking devices for network isolation and access control. This affects any organization relying on the CN 4100 to segment critical control networks from corporate networks or external access.
How it could be exploited
An attacker with engineering or operator credentials could exploit improper access control mechanisms to escalate to administrative privileges. Once elevated, they could modify network configuration settings to bypass isolation controls and gain unauthorized access to connected devices on the isolated network segment.
Prerequisites
- Valid user credentials (engineering or operator level)
- Network access to the CN 4100 management interface
- CN 4100 running firmware version earlier than V2.5
- Requires valid credentials (reduces exposure)
- Remotely exploitable
- CVSS 9.9 critical
- Low complexity attack
- Affects network isolation (defense-in-depth control)
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (1)
Product | Affected Versions | Fix Status
SIMATIC CN 4100 | < V2.5 | 2.5
Remediation & Mitigation
Do now
- HARDENING: Review and strengthen access control policies on CN 4100 to restrict user privileges to minimum necessary levels
- HARDENING: Audit current CN 4100 network configuration to verify isolation controls are properly configured and not compromised
- HARDENING: Implement network-level access controls (firewall rules) to restrict who can reach the CN 4100 management interface
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HOTFIX: Update SIMATIC CN 4100 firmware to version 2.5 or later
CVEs (2)