OTPulse

Cleartext Storage of Sensitive Information in Multiple SIMATIC Products

Monitor · 6.5 · SSA-535997 · Sep 14, 2021
Attack Vector: Adjacent
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

A cleartext storage vulnerability exists in SIMATIC CP 1543-1 and CP 1545-1 communication processors. An attacker with network access to an affected device could read sensitive information stored on the module. This affects all versions prior to V3.0 for CP 1543-1 and V1.1 for CP 1545-1. Siemens has released firmware updates to address this issue.

What this means
What could happen
An attacker with network access to the communication processor could read sensitive configuration data stored in cleartext, potentially exposing credentials or operational parameters. This information could be used to plan further attacks against your automation network.
Who's at risk
Water utilities and electric utilities operating Siemens SIMATIC CP 1543-1 or CP 1545-1 communication processors should assess their inventory. These devices are commonly used as industrial Ethernet gateways in PLC networks to bridge legacy fieldbus systems (PROFIBUS, PROFINET) with corporate networks. Any facility using these modules for process automation is affected.
How it could be exploited
An attacker on the same network segment (Ethernet) as the SIMATIC CP could connect to the device and retrieve stored sensitive data without authentication. The data is transmitted or stored in plaintext, making interception trivial once network access is gained.
Prerequisites
  • Network access to the SIMATIC CP 1543-1 or CP 1545-1 device on Ethernet
  • No authentication required
  • Device running vulnerable firmware version
Tags: remotely exploitable · no authentication required · low complexity attack · sensitive data exposure · affects automation network confidentiality
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (2)
2 with fix
Product | Affected Versions | Fix Status
SIMATIC CP 1543-1 (incl. SIPLUS variants) | < V3.0 | 3.0
SIMATIC CP 1545-1 | < V1.1 | 1.1
Remediation & Mitigation
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

SIMATIC CP 1545-1
HOTFIX: Update SIMATIC CP 1545-1 firmware to version 1.1 or later
All products
HOTFIX: Update SIMATIC CP 1543-1 firmware to version 3.0 or later
HOTFIX: Migrate the TIA Portal engineering project to V17, then recompile it and download it to the device after the firmware update
Long-term hardening
HARDENING: Implement network segmentation to restrict Ethernet access to the SIMATIC CP devices to authorized engineering and control stations only