Impact of RegreSSHion (CVE-2024-6387) in Siemens Industrial Products
Act Now | 8.1 | SSA-446545 | Sep 10, 2024
Attack Vector: Network
Auth Required: None
Complexity: High
User Interaction: None needed
Summary
A race condition vulnerability in OpenSSH (regreSSHion) affects multiple Siemens industrial products. An unauthenticated remote attacker can exploit this flaw to achieve remote code execution on SINAMICS IIoT module, SINEMA Remote Connect Server, SINUMERIK ONE, and Industrial Edge Management OS. Siemens has released patches for three of the four affected product lines but states no fix is available for IEM-OS (all versions).
What this means
What could happen
An unauthenticated attacker can execute arbitrary code on affected Siemens industrial systems via a race condition in SSH, potentially allowing takeover of control systems and disruption of manufacturing operations.
Who's at risk
Manufacturing facilities running Siemens industrial automation products are affected. This includes operators using SINAMICS variable frequency drives with IIoT modules, remote access systems (SINEMA Remote Connect Server), and CNC/machining centers (SINUMERIK ONE). Any facility with networked Siemens control systems is at risk.
How it could be exploited
An attacker connects to the SSH service on a vulnerable Siemens industrial device (such as SINAMICS IIoT module, SINEMA Remote Connect Server, or SINUMERIK ONE) from the network. By exploiting a race condition in OpenSSH during authentication, the attacker gains code execution without providing valid credentials. From there, the attacker can modify process parameters, halt production, or pivot deeper into your manufacturing control network.
Prerequisites
- Network reachability to SSH port (typically 22) on the affected Siemens device
- Device must be running a vulnerable version of OpenSSH (affected Siemens product versions)
Tags: remotely exploitable, no authentication required, high EPSS score (57.6%), no patch available for IEM-OS, affects manufacturing control systems
Exploitability
High exploit probability (EPSS 57.6%)
Affected products (4)
3 with fix, 1 EOL

| Product | Affected Versions | Fix Status |
|---|---|---|
| Industrial Edge Management OS (IEM-OS) | All versions | No fix (EOL) |
| SINAMICS IIoT module | All versions < V1.0 HF1 | 1.0 HF1 |
| SINEMA Remote Connect Server | All versions < V3.2 SP2 | 3.2 SP2 |
| SINUMERIK ONE | < V6.24 | 6.24 |
Remediation & Mitigation
Do now
Industrial Edge Management OS (IEM-OS)
WORKAROUND: For Industrial Edge Management OS (IEM-OS), restrict SSH access via network firewall rules until Siemens releases a fix
All products
WORKAROUND: Restrict SSH access (port 22) from untrusted networks to all affected Siemens devices via firewall or network segmentation while patches are prepared
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
SINAMICS IIoT module
HOTFIX: Update SINAMICS IIoT module to version 1.0 HF1 or later
SINEMA Remote Connect Server
HOTFIX: Update SINEMA Remote Connect Server to version 3.2 SP2 or later
SINUMERIK ONE
HOTFIX: Update SINUMERIK ONE to version 6.24 or later
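To apply the affected-versions table and the remediation steps above to an asset list, the following added example (not part of the Siemens advisory) triages an inventory against the fixed versions. The host names and installed versions are constructed sample data, and the ordering of SP/HF suffixes is an assumption noted in the code.

```python
import re

# Fixed versions copied from the "Affected products" table on this page.
# None = all versions affected and no fix listed.
FIXED_IN = {
    "Industrial Edge Management OS (IEM-OS)": None,
    "SINAMICS IIoT module": "V1.0 HF1",
    "SINEMA Remote Connect Server": "V3.2 SP2",
    "SINUMERIK ONE": "V6.24",
}

_VERSION = re.compile(r"^V?(\d+(?:\.\d+)*)(?:\s+(?:SP|HF)\s*(\d+))?$", re.I)

def parse_version(text):
    # Assumption: "V3.2 SP2" / "V1.0 HF1" sort after the bare release, and a
    # higher SP/HF number is newer. Trailing ".0" parts are ignored (V1 == V1.0).
    m = _VERSION.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    nums = tuple(int(p) for p in m.group(1).split("."))
    while len(nums) > 1 and nums[-1] == 0:
        nums = nums[:-1]
    return nums, int(m.group(2) or 0)

def triage(product, installed):
    # Classify one asset as "no-fix", "patch" or "ok" per the table.
    if product not in FIXED_IN:
        raise KeyError(f"product not covered by this advisory: {product}")
    fixed = FIXED_IN[product]
    if fixed is None:
        return "no-fix", "restrict SSH access via network firewall rules"
    if parse_version(installed) < parse_version(fixed):
        return "patch", f"update to {fixed} or later; restrict SSH until then"
    return "ok", "at or above the fixed version"

# Constructed sample inventory: (host, product, installed version).
INVENTORY = [
    ("drive-cell-3", "SINAMICS IIoT module", "V1.0"),
    ("rc-server", "SINEMA Remote Connect Server", "V3.2 SP2"),
    ("cnc-07", "SINUMERIK ONE", "V6.22"),
    ("edge-mgmt", "Industrial Edge Management OS (IEM-OS)", "V1.5"),
]

def report(inventory=INVENTORY):
    return [(host, *triage(product, ver)) for host, product, ver in inventory]

if __name__ == "__main__":
    for row in report():
        print(*row, sep=" | ")
```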
CVEs (1)