Denial of Service Vulnerability in SIMATIC S7-1500 CPUs and related products

Plan Patch7.5SSA-592380Dec 12, 2023

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

A denial of service vulnerability exists in SIMATIC S7-1500 CPU family and related products. An attacker with network access to port 102/tcp can send a specially crafted message that crashes the CPU, halting all automation and control logic until manual restart. Affected products include SIMATIC Drive Controllers, ET 200SP controllers, S7-1500 CPUs, ET 200pro CPUs, Software Controller, PLCSIM Advanced, and SIPLUS hardened variants. Siemens has released patches for some models (versions 3.1.0, 3.1.2, 30.1.0, 6.0 depending on product), but many variants—particularly ET 200pro and SIPLUS models—have no fix available. For those products, Siemens recommends implementing countermeasures such as network access restrictions.

What this means

What could happen

An attacker with network access to port 102 could send a specially crafted message to crash the PLC CPU, stopping all automation and control logic running on that device until manual restart.

Who's at risk

Manufacturing and transportation facilities using SIMATIC S7-1500 series PLCs and related controllers. This includes automation engineers, process operators, and facilities that depend on these CPUs for continuous control of machinery, production lines, and safety interlocks. Many S7-1500 models have no fix available—particularly ET 200pro variants and SIPLUS hardened variants—and will remain vulnerable.

How it could be exploited

An attacker sends a malicious packet to port 102 (Siemens S7 protocol) on the PLC. The CPU processes the packet incorrectly, crashes, and stops responding—halting process automation, interlocks, and safety logic execution.

Prerequisites

Network access to port 102/tcp on the affected PLC
No authentication required

remotely exploitableno authentication requiredlow complexity attackno patch available for many variantsaffects continuous process control

Exploitability

Low exploit probability (EPSS 0.0%)

Affected products (98)

48 with fix50 pending

ProductAffected VersionsFix Status

SIMATIC Drive Controller CPU 1504D TF<V3.1.03.1.0

SIMATIC Drive Controller CPU 1507D TF<V3.1.03.1.0

SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)<V30.1.030.1.0

SIMATIC S7-1500 CPU 1510SP F-1 PNAll versionsNo fix yet

SIMATIC S7-1500 CPU 1510SP F-1 PN<V3.1.03.1.0

Remediation & Mitigation

0/18

Do now

0/1

WORKAROUNDRestrict network access to port 102/tcp on all S7-1500 CPUs to authorized engineering workstations only using firewall rules or network segmentation

Schedule — requires maintenance window

0/16

Patching may require device reboot — plan for process interruption

Long-term hardening

0/1

HARDENINGSegregate affected PLCs to an isolated control network with no direct connectivity from business networks or the internet

CVEs (1)

CVE-2023-46156

View full Siemens ProductCERT advisory

↑↓ Navigate · Esc Close