Information Disclosure Vulnerability in SIMOTION before V5.5
Monitor · 4.6 · SSA-482956 · Jun 13, 2023
Attack Vector: Physical
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
SIMOTION controllers contain an information disclosure vulnerability that allows an unauthenticated attacker to extract confidential technology object (TO) configuration from the device through physical access or a network interface, without requiring credentials.
What this means
What could happen
An attacker could read sensitive configuration data from SIMOTION controllers, including motion control parameters and proprietary setup information, without authentication. This could enable reverse engineering of control logic or preparation for follow-on attacks.
Who's at risk
Siemens SIMOTION motion controllers used in discrete manufacturing automation, packaging lines, and process control systems. Affects C240, D410-2, D425-2, D435-2, D445-2, D455-2, and P320 series controllers with Profibus DP or Profinet interfaces used to coordinate synchronized motor movements and sequences.
How it could be exploited
An attacker with access to the device's physical ports or network interface can send unauthenticated requests to extract TO configuration data. The vulnerability requires no credentials or user interaction, allowing direct data exfiltration from the controller.
Prerequisites
- Physical access to device ports or network connectivity to the SIMOTION device
- Device running SIMOTION firmware version 5.4 or 5.5 (before SP1)
- Information disclosure without authentication
- No patch available for D445-2 and P320-4 series
- Physical proximity may allow data extraction
- Low exploit complexity
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (13)
10 with fix, 3 EOL

| Product | Affected Versions | Fix Status |
| --- | --- | --- |
| SIMOTION C240 | ≥ V5.4, < V5.5 SP1 | 5.5 SP1 |
| SIMOTION C240 PN | ≥ V5.4, < V5.5 SP1 | 5.5 SP1 |
| SIMOTION D410-2 DP | ≥ V5.4, < V5.5 SP1 | 5.5 SP1 |
| SIMOTION D410-2 DP/PN | ≥ V5.4, < V5.5 SP1 | 5.5 SP1 |
| SIMOTION D425-2 DP | ≥ V5.4, < V5.5 SP1 | 5.5 SP1 |
| SIMOTION D425-2 DP/PN | ≥ V5.4, < V5.5 SP1 | 5.5 SP1 |
| SIMOTION D435-2 DP | ≥ V5.4, < V5.5 SP1 | 5.5 SP1 |
| SIMOTION D435-2 DP/PN | ≥ V5.4, < V5.5 SP1 | 5.5 SP1 |
Remediation & Mitigation
Do now
- HARDENING: Restrict network access to SIMOTION devices using firewall rules to allow only authorized engineering workstations and HMI systems
- HARDENING: Disable or physically restrict access to device ports if remote configuration is not required
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
SIMOTION C240
- HOTFIX: Update SIMOTION C240, D410-2, D425-2, D435-2, and D455-2 controllers to firmware version 5.5 SP1 or later
Mitigations - no patch available
The following products have reached End of Life with no planned fix: SIMOTION D445-2 DP/PN, SIMOTION P320-4 E, SIMOTION P320-4 S. Apply the following compensating controls:
- HARDENING: For SIMOTION D445-2 and P320-4 series: contact Siemens support, as no patch is available. Implement compensating controls such as network segmentation or physical port access restrictions until patch availability is confirmed
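
To turn the version range and the end-of-life list above into an inventory check, the following added example (not part of the advisory and not Siemens tooling) triages an asset list into controllers to update, controllers with no fix, and unaffected ones. The status names, the inventory rows, and the rule that every end-of-life model at V5.4 or later counts as "no-fix" are assumptions made for illustration.

```python
import re

# From the advisory: affected from V5.4 up to, but not including, V5.5 SP1.
FIRST_AFFECTED = (5, 4, 0)
FIRST_FIXED = (5, 5, 1)
# End-of-life series the advisory lists as having no planned fix.
EOL_PREFIXES = ("SIMOTION D445-2", "SIMOTION P320-4")

VERSION_RE = re.compile(r"^\s*V?(\d+)\.(\d+)(?:\s*SP\s*(\d+))?\s*$", re.IGNORECASE)


def parse_version(text):
    """Turn 'V5.5 SP1' into (5, 5, 1); a missing service pack counts as SP0."""
    m = VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    major, minor, sp = m.groups()
    return (int(major), int(minor), int(sp or 0))


def triage(model, firmware):
    """Return 'not-affected', 'update' or 'no-fix' (hypothetical labels)."""
    version = parse_version(firmware)
    if version < FIRST_AFFECTED:
        return "not-affected"
    if model.upper().startswith(EOL_PREFIXES):
        # Assumption: no fixed release exists for EOL models, so every
        # version from V5.4 onward needs compensating controls.
        return "no-fix"
    return "update" if version < FIRST_FIXED else "not-affected"


# Constructed inventory rows (asset tag, model, firmware), not real devices.
INVENTORY = [
    ("line1-axis", "SIMOTION D435-2 DP/PN", "V5.4"),
    ("line2-axis", "SIMOTION C240 PN", "v5.5"),
    ("line3-axis", "SIMOTION D410-2 DP", "V5.5 SP1"),
    ("pack-cell", "SIMOTION D445-2 DP/PN", "V5.5"),
    ("legacy-ipc", "SIMOTION P320-4 E", "V5.3"),
]


def report(inventory):
    """Map each asset tag to its triage status."""
    return {tag: triage(model, fw) for tag, model, fw in inventory}


if __name__ == "__main__":
    for tag, status in report(INVENTORY).items():
        print(f"{tag:12} {status}")
```

Devices reported as "no-fix" are the ones that need the network segmentation or port restrictions described above rather than a firmware update.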
CVEs (1)