OTPulse

Multiple Vulnerabilities in TIM 1531 IRC before V2.4.8

Act Now · CVSS 9.8 · SSA-337522 · Jun 11, 2024
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Multiple vulnerabilities in Siemens TIM 1531 IRC industrial router devices (versions before V2.4.8) include improper input validation (CWE-20), buffer overflow (CWE-787), weak cryptography (CWE-326), improper resource management (CWE-415), missing encryption (CWE-311), and other memory safety issues (CWE-125, CWE-190, CWE-362, CWE-416, CWE-835). These flaws allow remote code execution without authentication over the network. The vulnerability chain involves improper certificate validation (CWE-295) and weak security algorithms, enabling complete compromise of the router device.

What this means
What could happen
An attacker with network access could execute arbitrary code remotely on the TIM 1531 IRC device without authentication, potentially gaining full control over the industrial router and disrupting communications between networks, PLCs, and SCADA systems.
Who's at risk
Water utilities and municipalities using Siemens TIM 1531 IRC industrial routers for network communication between field devices, PLCs, and control systems. This device is critical for connecting remote substations, pump stations, treatment plants, and SCADA networks.
How it could be exploited
An attacker on the network sends a specially crafted packet to the TIM 1531 IRC device. The device fails to properly validate the input due to multiple input validation and memory corruption flaws (CWE-20, CWE-787, CWE-190). This allows the attacker to execute arbitrary code directly on the device with no authentication required.
Prerequisites
  • Network access to the TIM 1531 IRC device
  • Device running firmware version before V2.4.8
  • No special credentials or authentication required
  • Remotely exploitable
  • No authentication required
  • Low complexity attack
  • High EPSS score (88.5%)
  • Affects critical network infrastructure
  • Multiple memory corruption vulnerabilities
Exploitability
High exploit probability (EPSS 88.5%)
Affected products (2)
2 with fix
Product | Affected Versions | Fix Status
SIPLUS TIM 1531 IRC | < V2.4.8 | 2.4.8
TIM 1531 IRC | < V2.4.8 | 2.4.8
Remediation & Mitigation
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

TIM 1531 IRC
HOTFIX: Update TIM 1531 IRC firmware to version 2.4.8 or later