Weak Key Protection Vulnerability in SINUMERIK ONE and SINUMERIK MC

Plan Patch9.3SSA-568428Nov 8, 2022

Attack VectorLocal

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

SINUMERIK ONE and SINUMERIK MC products contain a weak key protection vulnerability in the integrated S7-1500 CPU. An attacker with local access could extract or manipulate cryptographic keys used for authentication and protection of manufacturing data, potentially compromising machine control and program confidentiality.

What this means

What could happen

An attacker with local access to the device could extract or manipulate cryptographic keys used for authentication and data protection, potentially allowing unauthorized control of the CNC machine or compromise of sensitive manufacturing program logic.

Who's at risk

This vulnerability affects manufacturing facilities operating SINUMERIK CNC machines (Computer Numerical Control equipment for precision machining and tool path generation). Impacts include companies using SINUMERIK ONE or SINUMERIK MC controller software for automation of metal cutting, fabrication, and other high-precision manufacturing processes.

How it could be exploited

An attacker with local access to the SINUMERIK controller can exploit weak key protection in the integrated S7-1500 CPU to extract cryptographic keys stored in memory or on-disk. These keys could then be used to forge authentication credentials or decrypt protected manufacturing programs and machine control logic.

Prerequisites

Local access to the SINUMERIK device (physical USB port, serial console, or local network access to service interface)
No elevated credentials required

Local access required (not remotely exploitable from network)Weak cryptographic key protectionAffects safety-critical manufacturing equipmentDefault or non-validated key storage

Exploitability

Low exploit probability (EPSS 0.2%)

Affected products (2)

2 with fix

ProductAffected VersionsFix Status

SINUMERIK MC< V6.216.21

SINUMERIK ONE< V6.216.21

Remediation & Mitigation

0/4

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

SINUMERIK MC

HOTFIXUpdate SINUMERIK MC to version 6.21 or later

SINUMERIK ONE

HOTFIXUpdate SINUMERIK ONE to version 6.21 or later

Long-term hardening

0/2

HARDENINGRestrict physical access to SINUMERIK controllers via locked machine enclosures and access control

HARDENINGMonitor and audit local access attempts to SINUMERIK devices and service ports

CVEs (1)

CVE-2022-38465

View full Siemens ProductCERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/3a038574-25b0-46fe-be2e-ea81604740a6