OTPulse

Denial-of-Service Vulnerability in the Web Server of Industrial Products

Plan Patch | CVSS 7.5 | SSA-693975 | Dec 12, 2023
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

A denial-of-service vulnerability exists in the web server of multiple Siemens SIMATIC communication processors and SINAMICS S210 drives. An attacker with network access to the web server can send a crafted request that causes the device to become unresponsive or crash, disrupting communication between control systems and field devices. Affected models include SIMATIC CP 1242-7 V2, CP 1243-1 (standard, DNP3, and IEC variants), CP 1243-7 LTE, CP 1243-8 IRC, CP 1543-1, and SINAMICS S210 drives running versions below their respective fix levels. The CP 1243-1 DNP3 variant has no vendor fix planned.

What this means
What could happen
An attacker with network access to the web server can crash the device or make it unresponsive, halting communication with the PLC or control system and disrupting plant operations until the device is manually restarted.
Who's at risk
Manufacturing facilities using Siemens SIMATIC communication processors (CP 1242-7, CP 1243-1, CP 1243-7, CP 1243-8, CP 1543-1) and SINAMICS S210 drives in their industrial networks should assess their exposure. These devices act as bridges between engineering systems and control networks, so loss of availability directly impacts process monitoring and remote control capabilities.
How it could be exploited
An attacker on the network sends a malformed request or specific payload to the web server port of a vulnerable SIMATIC communication processor. The device fails to properly handle the request, consuming resources or crashing, rendering it unable to process legitimate traffic or commands from the control system.
Prerequisites
  • Network access to the web server port of the affected device
  • No authentication required
  • Device must be reachable from the network segment where the attacker is located
Remotely exploitable · No authentication required · Low attack complexity · Availability impact to critical network devices · No patch available for CP 1243-1 DNP3 variant
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (9)
9 with fix
Product | Affected Versions | Fix Status
SIMATIC CP 1242-7 V2 (incl. SIPLUS variants) | <V3.4.29 | 3.4.29
SIMATIC CP 1243-1 (incl. SIPLUS variants) | <V3.4.29 | 3.4.29
SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) | <V3.4.29 | 3.4.29
SIMATIC CP 1243-7 LTE | <V3.4.29 | 3.4.29
SIMATIC CP 1243-8 IRC | <V3.4.29 | 3.4.29
SIMATIC CP 1543-1 | <V3.0.37 | 3.0.37
SINAMICS S210 (6SL5...) | All versions ≥ V6.1 < V6.1 HF2 | 6.1 HF2
SIPLUS NET CP 1543-1 | <V3.0.37 | 3.0.37
Remediation & Mitigation
Do now
WORKAROUND: For SIMATIC CP 1243-1 DNP3 (no patch available), implement firewall rules to restrict network access to the web server port to authorized engineering workstations and management systems only
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

SIMATIC CP 1243-7 LTE
HOTFIX: Update SIMATIC CP 1243-7 LTE to firmware version 3.4.29 or later
SIMATIC CP 1243-8 IRC
HOTFIX: Update SIMATIC CP 1243-8 IRC to firmware version 3.4.29 or later
SIMATIC CP 1543-1
HOTFIX: Update SIMATIC CP 1543-1 to firmware version 3.0.37 or later
SIPLUS NET CP 1543-1
HOTFIX: Update SIPLUS NET CP 1543-1 to firmware version 3.0.37 or later
All products
HOTFIX: Update SIMATIC CP 1242-7 V2 to firmware version 3.4.29 or later
HOTFIX: Update SIMATIC CP 1243-1 to firmware version 3.4.29 or later
HOTFIX: Update SIMATIC CP 1243-1 IEC to firmware version 3.4.29 or later
HOTFIX: Update SINAMICS S210 to firmware version 6.1 HF2 or later
Long-term hardening
HARDENING: Implement network segmentation to isolate affected devices from untrusted network segments
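
An added example, not part of the advisory or of any Siemens tooling: a Python triage of an asset inventory against the fix levels and the no-fix DNP3 case listed above. The inventory rows, status labels, exact product-name matching, and the ordering of hotfix (HF) numbers after the base version are assumptions made for illustration.

```python
import re

# Fix levels from the advisory's table; None = no vendor fix planned.
FIX_LEVELS = {
    "SIMATIC CP 1242-7 V2": "3.4.29",
    "SIMATIC CP 1243-1": "3.4.29",
    "SIMATIC CP 1243-1 IEC": "3.4.29",
    "SIMATIC CP 1243-7 LTE": "3.4.29",
    "SIMATIC CP 1243-8 IRC": "3.4.29",
    "SIMATIC CP 1543-1": "3.0.37",
    "SIPLUS NET CP 1543-1": "3.0.37",
    "SINAMICS S210": "6.1 HF2",
    "SIMATIC CP 1243-1 DNP3": None,
}
S210_FLOOR = "6.1"  # S210 is listed as affected only from V6.1 upward

def parse_version(text):
    """'V3.4.29' -> (3, 4, 29, 0); '6.1 HF2' -> (6, 1, 0, 2)."""
    m = re.fullmatch(r"\s*[Vv]?(\d+(?:\.\d+){0,2})(?:\s*HF(\d+))?\s*", text)
    if not m:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    nums = [int(p) for p in m.group(1).split(".")]
    nums += [0] * (3 - len(nums))  # pad so 6.1 compares equal to 6.1.0
    return tuple(nums) + (int(m.group(2) or 0),)  # assumption: HF sorts last

def triage(product, firmware):
    """Return 'no-fix', 'update', 'ok' or 'not-listed' for one device."""
    if product not in FIX_LEVELS:
        return "not-listed"
    fix = FIX_LEVELS[product]
    if fix is None:
        return "no-fix"  # apply the firewall workaround instead
    ver = parse_version(firmware)
    if product == "SINAMICS S210" and ver < parse_version(S210_FLOOR):
        return "ok"  # below the affected range
    return "update" if ver < parse_version(fix) else "ok"

INVENTORY = [  # constructed sample rows: (asset tag, product, firmware)
    ("cp-line1", "SIMATIC CP 1243-1", "V3.4.28"),
    ("cp-line2", "SIMATIC CP 1543-1", "V3.0.37"),
    ("cp-rtu1", "SIMATIC CP 1243-1 DNP3", "V3.4.29"),
    ("drv-07", "SINAMICS S210", "V6.1 HF1"),
    ("drv-08", "SINAMICS S210", "V5.2"),
]

def report(inventory):
    return {tag: triage(product, fw) for tag, product, fw in inventory}

if __name__ == "__main__":
    print(report(INVENTORY))
```

Devices reported as `no-fix` are the ones to place behind the restricted firewall rules from the "Do now" item; `update` rows belong in the maintenance-window schedule.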
Denial-of-Service Vulnerability in the Web Server of Industrial Products | CVSS 7.5 - OTPulse