Multiple Vulnerabilities in SIMATIC MV500 Devices before V3.3.4
Act Now | 9.8 | SSA-561322 | Jul 11, 2023
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
SIMATIC MV500 devices before V3.3.4 contain multiple vulnerabilities in the web server and third-party components, including buffer overflows (CWE-120, CWE-787), improper input validation (CWE-20), weak cryptography (CWE-326), and resource management issues (CWE-770, CWE-400). These flaws allow remote code execution, information disclosure, and denial of service without authentication.
What this means
What could happen
An attacker with network access to a SIMATIC MV500 device could execute arbitrary code, read sensitive data, or cause the device to stop responding. This could disrupt motor control, process sequencing, or energy management in industrial facilities.
Who's at risk
This affects operators of SIMATIC MV500 series energy/motor control devices (models MV540 H/S, MV550 H/S, MV560 U/X). Critical in industrial facilities using these controllers for power management, motor starting, or variable frequency drive operations.
How it could be exploited
An attacker on the network sends a malicious request to the web server running on the SIMATIC MV500 device. Due to multiple vulnerabilities (including buffer overflows, improper input validation, and weak cryptography), the attacker can trigger code execution or access protected resources without authentication.
Prerequisites
- Network access to port 80/443 (HTTP/HTTPS) on the MV500 device
- Device running firmware version earlier than V3.3.4
remotely exploitable | no authentication required | low complexity | high EPSS score (92.5%) | affects critical infrastructure equipment | web server vulnerability
Exploitability
High exploit probability (EPSS 92.5%)
Affected products (6)
6 with fix
Product | Affected Versions | Fix Status
SIMATIC MV540 H (6GF3540-0GE10) | < V3.3.4 | 3.3.4
SIMATIC MV540 S (6GF3540-0CD10) | < V3.3.4 | 3.3.4
SIMATIC MV550 H (6GF3550-0GE10) | < V3.3.4 | 3.3.4
SIMATIC MV550 S (6GF3550-0CD10) | < V3.3.4 | 3.3.4
SIMATIC MV560 U (6GF3560-0LE10) | < V3.3.4 | 3.3.4
SIMATIC MV560 X (6GF3560-0HE10) | < V3.3.4 | 3.3.4
Remediation & Mitigation
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Update SIMATIC MV500 devices (all models) to firmware version V3.3.4 or later
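An added example (not part of the advisory and not vendor code): a Python triage of an asset inventory against the six order numbers in the affected-products table and the V3.3.4 fix version, ranking unpatched devices whose web server is reachable first. The CSV column names, the asset names and the web_reachable flag are assumptions of this example, and the sample rows are constructed.

```python
import csv
import io
import re

FIXED = (3, 3, 4)  # first fixed firmware version named in the advisory
AFFECTED = {       # order numbers from the affected-products table
    "6GF3540-0GE10": "MV540 H", "6GF3540-0CD10": "MV540 S",
    "6GF3550-0GE10": "MV550 H", "6GF3550-0CD10": "MV550 S",
    "6GF3560-0LE10": "MV560 U", "6GF3560-0HE10": "MV560 X",
}

# Constructed sample inventory; column names are assumptions of this example.
SAMPLE = """asset,order_number,firmware,web_reachable
mv-01,6GF3540-0GE10,V3.3.4,yes
mv-02,6GF3560-0HE10,V3.2,yes
mv-03,6GF3550-0CD10,,no
mv-04,6GF3560-0LE10,V3.10.0,yes
mv-05,6gf3540-0cd10,v3.3.3,no
other-01,PLACEHOLDER-0000,V1.0,yes
"""

def parse_version(text):
    """'V3.3.4' -> (3, 3, 4); short forms are zero-padded; None if unparseable."""
    m = re.fullmatch(r"\s*[Vv]?(\d+(?:\.\d+)*)\s*", text or "")
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    parts += [0] * (len(FIXED) - len(parts))
    return tuple(parts)

def triage(inventory_csv):
    """Return (asset, model, status, priority) rows, most urgent first."""
    rows = []
    for rec in csv.DictReader(io.StringIO(inventory_csv)):
        model = AFFECTED.get(rec["order_number"].strip().upper())
        if model is None:
            continue  # not one of the six listed products
        ver = parse_version(rec["firmware"])
        # Numeric tuple comparison: 3.10.0 is newer than 3.3.4, unlike a string compare.
        status = "UNKNOWN" if ver is None else "VULNERABLE" if ver < FIXED else "FIXED"
        exposed = rec["web_reachable"].strip().lower() == "yes"
        # Unpatched or unverified devices with a reachable web server come first.
        priority = 3 if status == "FIXED" else (1 if exposed else 2)
        rows.append((rec["asset"], model, status, priority))
    return sorted(rows, key=lambda r: (r[3], r[0]))

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(*row, sep="\t")
```

A device with a missing or unparseable firmware string is reported as UNKNOWN and ranked with the unpatched devices until its version is confirmed.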
CVEs (13)