OTPulse

Vulnerabilities in Industrial PCs and CNC devices using Intel CPUs (November 2020)

Monitor | 7.8 | SSA-678983 | May 11, 2021
Attack Vector: Local
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary

Intel published multiple vulnerability advisories in November 2020 affecting Intel CSME, SPS, TXE, AMT, DAL, RAPL, processor, and BIOS components. These vulnerabilities affect Siemens SIMATIC industrial PCs, handheld terminals, Drive Controllers, and SINUMERIK CNC equipment that use Intel CPUs. The vulnerabilities include privilege escalation flaws (CVE-2020-8745, CVE-2020-8694, CVE-2020-8698, CVE-2020-0590) that could allow local attackers to gain elevated privileges. Siemens has released BIOS and firmware updates for all affected products.

What this means
What could happen
An attacker with local access to these Siemens industrial PCs or CNC controllers could escalate privileges and potentially execute unauthorized code, allowing them to modify process parameters, alter machining programs, or disable safety systems.
Who's at risk
Manufacturing facilities using Siemens SIMATIC industrial PCs (IPC427E, IPC477E, IPC527G, IPC547G, IPC627E, IPC647E, IPC677E, IPC847E, IPC127E, and ITP1000) and SINUMERIK CNC controllers (828D HW PU.4, MC MCU 1720, NCU 1740, PPU 1740, and HT 10 handhelds). Also affected are SIMATIC Field PG portable engineering stations and the SIMATIC Drive Controller family used for machine automation and CNC operations.
How it could be exploited
An attacker with local user account access to one of these SIMATIC or SINUMERIK devices could exploit privilege escalation vulnerabilities in the Intel BIOS, CSME, or processor firmware to gain administrative control. From there, they could run arbitrary commands or modify the device's behavior.
Prerequisites
  • Local user account on the affected industrial PC or CNC controller
  • Physical access or network access to a user-level account
  • BIOS firmware version below the patched version for the specific product
Low complexity privilege escalation | Affects manufacturing equipment | Multiple Intel CPU vulnerability classes (CSME, processor, BIOS, RAPL)
Exploitability
Low exploit probability (EPSS 0.9%)
Affected products (20)
20 pending
Product | Affected Versions | Fix Status
SIMATIC Field PG M6 | < V26.01.08 | No fix yet
SIMATIC IPC527G | All BIOS versions < V1.4.0 | No fix yet
SIMATIC IPC547G | < R1.30.0 | No fix yet
SIMATIC IPC627E | All BIOS versions < V25.02.08 | No fix yet
SIMATIC IPC647E | All BIOS versions < V25.02.08 | No fix yet
Remediation & Mitigation
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

SIMATIC Field PG M6
HOTFIX: Update SIMATIC Field PG M6 BIOS to V26.01.08 or later
SIMATIC IPC527G
HOTFIX: Update SIMATIC IPC527G BIOS to V1.4.0 or later
SIMATIC IPC547G
HOTFIX: Update SIMATIC IPC547G to R1.30.0 or later
SIMATIC IPC627E
HOTFIX: Update SIMATIC IPC627E, IPC647E, IPC677E, and IPC847E BIOS to V25.02.08 or later
SIMATIC Field PG M5
HOTFIX: Update SIMATIC Field PG M5 BIOS to V22.01.08 or later
SIMATIC ITP1000
HOTFIX: Update SIMATIC ITP1000 BIOS to V23.01.08 or later
SIMATIC Drive Controller family
HOTFIX: Update SIMATIC Drive Controller family to V05.00.01.00 or later
SINUMERIK 828D HW PU.4
HOTFIX: Update SINUMERIK 828D HW PU.4 BIOS to V08.00.00.00 or later
SINUMERIK MC MCU 1720
HOTFIX: Update SINUMERIK MC MCU 1720 to V05.00.00.00 or later
SINUMERIK ONE / SINUMERIK 840D sl Handheld Terminal HT 10
HOTFIX: Update SINUMERIK ONE / SINUMERIK 840D sl Handheld Terminal HT 10 to V08.00.00.00 or later
SINUMERIK ONE NCU 1740
HOTFIX: Update SINUMERIK ONE NCU 1740 to V04.00.00.00 or later
SINUMERIK ONE PPU 1740
HOTFIX: Update SINUMERIK ONE PPU 1740 to V06.00.00.00 or later
All products
HOTFIX: Update SIMATIC IPC427E, IPC477E, and IPC477E Pro BIOS to V21.01.15 or later
HOTFIX: Update SIMATIC ET 200SP Open Controller CPU 1515SP PC2 to V0209_0105 or later
Long-term hardening
HARDENING: Restrict local user account access to affected industrial PCs and CNC controllers; use role-based access controls to limit who can log in locally
HARDENING: Enable BIOS-level security features such as secure boot and BIOS password protection where available
API: /api/v1/advisories/be51724c-8d00-4cce-9d53-134c4faf76f7