Embedded TCP/IP Stack Vulnerabilities (AMNESIA:33) in SENTRON PAC / 3VA Devices (Part 2)
Monitor | 6.5 | SSA-541018 | Mar 9, 2021
Attack Vector: Adjacent
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
Siemens SENTRON PAC and 3VA COM/DSP devices contain two vulnerabilities (CVE-2020-13987, CVE-2020-17437) from the AMNESIA:33 embedded TCP/IP stack vulnerability family. These vulnerabilities are a buffer over-read (CWE-125) and buffer overflow (CWE-787) affecting the network processing functions of these power monitoring and control devices. The vulnerabilities can be triggered by malicious network packets sent to the affected devices.
What this means
What could happen
An attacker on the local network could send crafted network packets to cause a denial of service on SENTRON PAC/3VA devices, disrupting power monitoring and control functions. Some affected models may allow firmware-based bypass of access controls in certain configurations.
Who's at risk
This affects electric utilities and industrial facilities using Siemens SENTRON power monitoring and protection devices (PAC series power analyzers and 3VA modular circuit breakers) for distribution switchboards and motor control. Any organization relying on these for electrical system visibility and protection should assess their deployed versions.
How it could be exploited
An attacker with network access to the device's Ethernet interface could send specially crafted TCP/IP packets to trigger the buffer over-read or overflow condition, causing the device to crash or become unresponsive. This disrupts monitoring and control of electrical systems.
Prerequisites
- Network access to the affected device (same subnet or routed network path)
- Remotely exploitable from local network segment
Exploitability
Low exploit probability (EPSS 0.3%)
Affected products (9)
7 with fix, 2 pending

Product                             | Affected Versions | Fix Status
SENTRON PAC3200T                    | < V3.2.2          | 3.2.2
SENTRON PAC3220                     | < V3.2.0          | 3.2.0
SENTRON 3VA COM100/800              | < V4.4.1          | 4.4.1
SENTRON PAC3200                     | < V2.4.7          | 2.4.7
SENTRON PAC4200                     | < V2.3.0          | 2.3.0
SENTRON 3VA DSP800                  | < V4.0            | 4.0
SENTRON PAC2200 (with CLP Approval) | All versions      | No fix yet
SENTRON PAC2200 (with MID Approval) | < V3.2.2          | No fix yet
Remediation & Mitigation
- Update to V4.4.1 or later version
- Update to V2.4.7 or later version
- Update to V2.3.0 or later version
- Update to V4.0 or later version
- MID-certified devices do not support firmware updates; V3.2.2 is contained in devices that are labeled as "M22 MID"
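The "assess your deployed versions" step above can be automated against a device inventory. The following script is an added example, not part of the advisory: it encodes the affected-product table and fix thresholds from this page, compares installed firmware numerically (so V2.4.10 is correctly newer than V2.4.7), and flags the two PAC2200 rows that have no update path. The inventory rows and hostnames are constructed sample data.

```python
"""Classify deployed SENTRON PAC / 3VA firmware against SSA-541018 (added example)."""
import re

# product -> (first fixed version, firmware update available?)
# Values are taken from the advisory table above; None means all versions affected.
ADVISORY = {
    "SENTRON PAC3200T": ("3.2.2", True),
    "SENTRON PAC3220": ("3.2.0", True),
    "SENTRON 3VA COM100/800": ("4.4.1", True),
    "SENTRON PAC3200": ("2.4.7", True),
    "SENTRON PAC4200": ("2.3.0", True),
    "SENTRON 3VA DSP800": ("4.0", True),
    "SENTRON PAC2200 (with CLP Approval)": (None, False),   # no fix yet, all versions
    "SENTRON PAC2200 (with MID Approval)": ("3.2.2", False),  # MID units are not updatable
}


def parse_version(text):
    """'V3.2.2', '3.2' -> (3, 2, 2), (3, 2). Numeric tuples compare correctly."""
    m = re.fullmatch(r"\s*[Vv]?(\d+(?:\.\d+)*)\s*", text)
    if not m:
        raise ValueError(f"unparseable firmware version: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def assess(product, installed):
    """Return 'ok', 'update', 'no_fix' or 'unknown' for one device."""
    if product not in ADVISORY:
        return "unknown"
    fixed, updatable = ADVISORY[product]
    if fixed is not None and parse_version(installed) >= parse_version(fixed):
        return "ok"
    return "update" if updatable else "no_fix"


def assess_inventory(inventory):
    """inventory: iterable of (hostname, product, installed_version)."""
    return [(host, prod, ver, assess(prod, ver)) for host, prod, ver in inventory]


# Constructed sample inventory; hostnames and versions are not real deployments.
SAMPLE_INVENTORY = [
    ("pac-sw1", "SENTRON PAC3200", "V2.4.10"),
    ("pac-sw2", "SENTRON PAC4200", "V2.2.9"),
    ("3va-mcc1", "SENTRON 3VA COM100/800", "V4.4.1"),
    ("pac-mid1", "SENTRON PAC2200 (with MID Approval)", "V3.1.0"),
    ("pac-clp1", "SENTRON PAC2200 (with CLP Approval)", "V9.9.9"),
]

if __name__ == "__main__":
    for row in assess_inventory(SAMPLE_INVENTORY):
        print("%-10s %-36s %-8s %s" % row)
```

Devices reported as `no_fix` cannot be patched and need the network-level mitigations (segmentation, restricting access to the Ethernet interface) rather than a firmware update.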
CVEs (2)
- CVE-2020-13987
- CVE-2020-17437