OTPulse

Denial-of-Service Vulnerability in SNMP Implementation of WinCC Runtime

Monitor | CVSS 5.3 | SSA-594364 | May 11, 2021
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

A denial-of-service vulnerability in the WinCC Runtime SNMP implementation allows an unauthenticated attacker with network access to crash the SNMP service by sending specially crafted SNMP packets to port 161/UDP.

What this means
What could happen
An attacker can cause the SNMP service on affected HMI panels to stop responding, which could disrupt monitoring and remote management of your plant operations and networked devices.
Who's at risk
Manufacturing plants using Siemens SIMATIC HMI Comfort Panels 1st Generation or KTP Mobile Panels for monitoring and control. Operations teams that rely on SNMP-based monitoring and remote management of these panels are most affected.
How it could be exploited
An attacker on the network sends crafted SNMP packets to port 161/UDP on the affected HMI panel. The WinCC Runtime SNMP service crashes or becomes unresponsive, denying service to legitimate monitoring and management tools.
Prerequisites
  • Network access to port 161/UDP on the affected HMI panel
  • No credentials required
remotely exploitable, no authentication required, low complexity, affects monitoring and remote management capability
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (2)
2 with fix
Product | Affected Versions | Fix Status
SIMATIC HMI Comfort Panels 1st Generation (incl. SIPLUS variants) | < V16 Update 4 | 16 Update 4
SIMATIC HMI KTP Mobile Panels | < V16 Update 4 | 16 Update 4
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to SNMP port 161/UDP on HMI panels using firewall rules, allowing only authorized monitoring hosts
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

SIMATIC HMI KTP Mobile Panels
HOTFIX: Update SIMATIC HMI KTP Mobile Panels to V16 Update 4 or later
All products
HOTFIX: Update SIMATIC HMI Comfort Panels 1st Generation to V16 Update 4 or later
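
One way to verify the firewall workaround above, as an added example that is not part of the advisory: the script audits exported flow records for permitted 161/UDP traffic reaching HMI panels from hosts outside the authorized monitoring set. The panel subnet, monitoring-host addresses, CSV layout and sample records are all assumptions constructed for illustration.

```python
import csv
import io
from ipaddress import ip_address, ip_network

# Assumed addressing (constructed): HMI panel subnet and authorized SNMP managers.
HMI_PANELS = ip_network("10.20.30.0/28")
AUTHORIZED_MONITORS = {ip_address("10.20.1.5"), ip_address("10.20.1.6")}

# Constructed sample flow export: src, dst, protocol, destination port, action.
SAMPLE_FLOWS = """src,dst,proto,dport,action
10.20.1.5,10.20.30.2,udp,161,allow
10.20.44.17,10.20.30.2,udp,161,allow
10.20.44.17,10.20.30.3,udp,161,deny
10.20.44.17,10.20.30.2,tcp,161,allow
192.0.2.9,10.20.30.4,udp,161,allow
10.20.1.6,10.20.99.1,udp,161,allow
not-an-ip,10.20.30.2,udp,161,allow
"""

def snmp_exposure(flow_csv):
    """Return (violations, malformed): permitted 161/UDP flows to HMI panels
    from unauthorized sources, plus rows that could not be parsed."""
    violations, malformed = [], []
    for row in csv.DictReader(io.StringIO(flow_csv)):
        try:
            src, dst = ip_address(row["src"]), ip_address(row["dst"])
            dport = int(row["dport"])
            proto, action = row["proto"].lower(), row["action"].lower()
        except (ValueError, KeyError, TypeError, AttributeError):
            malformed.append(row)  # never silently drop unparseable records
            continue
        if proto != "udp" or dport != 161:
            continue  # the advisory concerns SNMP on 161/UDP only
        if dst not in HMI_PANELS:
            continue  # destination is not one of the panels
        if action == "allow" and src not in AUTHORIZED_MONITORS:
            violations.append((str(src), str(dst)))
    return violations, malformed

if __name__ == "__main__":
    bad, skipped = snmp_exposure(SAMPLE_FLOWS)
    for src, dst in bad:
        print(f"UNAUTHORIZED SNMP path: {src} -> {dst}:161/udp")
    print(f"{len(skipped)} malformed row(s) need manual review")
```

An empty violations list over a representative capture window indicates the rule set is limiting 161/UDP to the authorized monitoring hosts; malformed rows are reported separately so they can be reviewed by hand.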