OTPulse

NumberJack Vulnerability in LOGO! CMR and SIMATIC RTU 3000 devices

Monitor · CVSS 5.4 · SSA-316383 · Sep 14, 2021
Attack Vector: Adjacent
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

A TCP/IP stack vulnerability in LOGO! CMR and SIMATIC RTU 3000 devices allows an attacker with access to the local network to hijack ongoing connections or spoof new connections to the device. The WAN interface is not affected. An attacker could send unauthorized commands to the controller, potentially disrupting process operations. Siemens has released firmware updates for all affected models.

What this means
What could happen
An attacker on your local network could hijack or spoof connections to these devices, potentially allowing unauthorized commands to be sent to the LOGO! controllers or RTU units and affecting whatever process they control (e.g., lighting, pump operations, alarm signals).
Who's at risk
Water and electric utilities using Siemens LOGO! CMR or SIMATIC RTU 3000 series devices for local process control, remote telemetry, or automation logic. This affects any facility where these controllers manage operations over a networked LAN, including RTU units at substations or water treatment plants.
How it could be exploited
An attacker would need to be on the same local network segment (LAN) as the device. They could then intercept TCP/IP traffic and either hijack an existing connection (e.g., between an HMI and the controller) or create a spoofed connection, sending arbitrary commands as if they were a legitimate operator or engineering workstation.
Prerequisites
  • Network access to the device's LAN interface (same network segment)
  • Ability to see or intercept traffic between the device and legitimate clients
  • Remotely exploitable (LAN access)
  • Low authentication complexity
  • No urgent patching required (low EPSS, not actively exploited)
  • Affects remote monitoring and control devices
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (6)
6 with fix
Product             Affected Versions   Fix Status
LOGO! CMR2020       < V2.2              2.2
LOGO! CMR2040       < V2.2              2.2
SIMATIC RTU3010C    < V4.0.9            4.0.9
SIMATIC RTU3030C    < V4.0.9            4.0.9
SIMATIC RTU3031C    < V4.0.9            4.0.9
SIMATIC RTU3041C    < V4.0.9            4.0.9
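To apply the table above to an asset inventory, here is an added example (not OTPulse or Siemens code) that parses firmware strings and flags every listed device running a version below the fixed release; the inventory records and site names in it are constructed.

```python
"""Cross-check an asset inventory against the fixed firmware versions
from SSA-316383 (LOGO! CMR and SIMATIC RTU 3000). Added example, not
OTPulse or Siemens code; the inventory records below are constructed."""
import re

# Product -> first fixed firmware version, taken from the advisory table.
FIXED_VERSION = {
    "LOGO! CMR2020": "V2.2",
    "LOGO! CMR2040": "V2.2",
    "SIMATIC RTU3010C": "V4.0.9",
    "SIMATIC RTU3030C": "V4.0.9",
    "SIMATIC RTU3031C": "V4.0.9",
    "SIMATIC RTU3041C": "V4.0.9",
}

def parse_version(text):
    """Turn 'V4.0.9', '2.2' or 'v2.1.3' into a comparable tuple of ints."""
    m = re.search(r"(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))

def is_affected(product, firmware):
    """True when the product is listed and runs a version below the fix."""
    fixed = FIXED_VERSION.get(product)
    if fixed is None:
        return False  # not a product covered by this advisory
    return parse_version(firmware) < parse_version(fixed)

def triage(inventory):
    """Return (name, product, firmware, fixed_version) for assets needing the update."""
    todo = []
    for asset in inventory:
        if is_affected(asset["product"], asset["firmware"]):
            todo.append((asset["name"], asset["product"], asset["firmware"],
                         FIXED_VERSION[asset["product"]]))
    return todo

# Constructed sample inventory (hypothetical site names and firmware strings).
SAMPLE_INVENTORY = [
    {"name": "pump-house-1", "product": "LOGO! CMR2020", "firmware": "V2.1"},
    {"name": "pump-house-2", "product": "LOGO! CMR2040", "firmware": "V2.2"},
    {"name": "substation-7", "product": "SIMATIC RTU3030C", "firmware": "V4.0.8"},
    {"name": "substation-9", "product": "SIMATIC RTU3041C", "firmware": "V4.1.0"},
    {"name": "hmi-panel", "product": "SIMATIC HMI (other)", "firmware": "V16"},
]

if __name__ == "__main__":
    for name, product, fw, fixed in triage(SAMPLE_INVENTORY):
        print(f"{name}: {product} {fw} -> update to {fixed} or later")
```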
Remediation & Mitigation
Do now
HARDENING: Restrict network access to LAN interfaces of affected devices using firewall or switch-level access control lists
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

  • HOTFIX: Update LOGO! CMR2020 to firmware version 2.2 or later
  • HOTFIX: Update LOGO! CMR2040 to firmware version 2.2 or later
  • HOTFIX: Update SIMATIC RTU3010C to firmware version 4.0.9 or later
  • HOTFIX: Update SIMATIC RTU3030C to firmware version 4.0.9 or later
  • HOTFIX: Update SIMATIC RTU3031C to firmware version 4.0.9 or later
  • HOTFIX: Update SIMATIC RTU3041C to firmware version 4.0.9 or later