Denial-of-Service Vulnerability in ARP Protocol of RWG Universal Controllers
Monitor · 6.5 · SSA-448291 · Jul 13, 2021
Attack Vector: Adjacent
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
A denial-of-service vulnerability exists in the ARP protocol handling on Siemens RWG Universal Controller devices (RWG1.M8, RWG1.M12, RWG1.M12D). An attacker on the local network can send malformed ARP packets to cause the controller to crash or stop responding. Siemens has released firmware updates to address this issue.
What this means
What could happen
An attacker on the local network can send malformed ARP messages to crash the controller or make it unresponsive, causing loss of process monitoring and control until the device is manually rebooted.
Who's at risk
Water treatment plants, utilities, and municipalities using Siemens RWG universal controller modules for process automation and remote monitoring. Affected models include RWG1.M8, RWG1.M12, and RWG1.M12D used in pumping stations, control cabinets, and remote terminal units.
How it could be exploited
An attacker connected to the same network segment as the RWG controller sends specially crafted ARP packets. The device's ARP implementation lacks proper validation and crashes or becomes unresponsive, disrupting communications on that network.
Prerequisites
- Local network access to the RWG controller (same Ethernet segment)
- No authentication required
- Ability to send raw ARP frames
Remotely exploitable via local network · No authentication required · Low attack complexity · Affects industrial automation devices · Causes denial of service
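As a monitoring aid for the network segment the controllers sit on, the added example below (not part of the Siemens advisory) checks captured Ethernet frames against the standard Ethernet/IPv4 ARP layout and lists any deviations. The advisory does not say which malformation affects the RWG devices, so the checks, the function names and the sample frames are assumptions constructed for illustration; frames are assumed to be untagged (no 802.1Q header).

```python
import struct

ETHERTYPE_ARP = 0x0806

def check_arp_frame(frame: bytes) -> list:
    """Return anomalies found in one untagged Ethernet frame ([] = nothing to flag)."""
    if len(frame) < 14:
        return ["truncated Ethernet header"]
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        return []  # not ARP, out of scope for this check
    arp = frame[14:]
    if len(arp) < 8:
        return ["ARP fixed header truncated"]
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", arp[:8])
    issues = []
    if htype != 1:  # 1 = Ethernet
        issues.append(f"unexpected hardware type {htype}")
    if ptype != 0x0800:  # 0x0800 = IPv4
        issues.append(f"unexpected protocol type {ptype:#06x}")
    if hlen != 6 or plen != 4:
        issues.append(f"unexpected address lengths hlen={hlen} plen={plen}")
    if oper not in (1, 2):  # 1 = request, 2 = reply
        issues.append(f"unexpected opcode {oper}")
    if len(arp) < 8 + 2 * (hlen + plen):
        issues.append("body shorter than declared address lengths")
    return issues

def build_frame(hlen=6, plen=4, oper=1):
    """Constructed test input: Ethernet header + ARP header + 20 address bytes."""
    src = bytes.fromhex("02000000aa01")  # locally administered MAC, made up
    eth = b"\xff" * 6 + src + struct.pack("!H", ETHERTYPE_ARP)
    body = src + bytes([192, 0, 2, 10]) + b"\x00" * 6 + bytes([192, 0, 2, 20])
    return eth + struct.pack("!HHBBH", 1, 0x0800, hlen, plen, oper) + body

# Constructed samples, not captured traffic and not the advisory's trigger.
SAMPLES = {
    "valid_request": build_frame(),
    "oversized_hlen": build_frame(hlen=255),
    "bad_opcode": build_frame(oper=0x4242),
    "truncated": build_frame()[:18],
}

def scan(samples=SAMPLES):
    """Map each sample name to the list of anomalies found in it."""
    return {name: check_arp_frame(f) for name, f in samples.items()}

if __name__ == "__main__":
    for name, issues in scan().items():
        print(name, "->", issues or "ok")
```

In practice `check_arp_frame` would be fed raw frames from a mirror-port capture of the controller's segment, with any non-empty result raised as an alert.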
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (3)
3 with fix
| Product | Affected Versions | Fix Status |
|---|---|---|
| RWG1.M8 | < V1.16.16 | V1.16.16 or later |
| RWG1.M12 | < V1.16.16 | V1.16.16 or later |
| RWG1.M12D | < V1.16.16 | V1.16.16 or later |
Remediation & Mitigation
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Update RWG controller firmware to version V1.16.16 or later via the RWG Controller Graphical programming platform by generating and downloading a new project file
CVEs (1)