Information Disclosure Vulnerability in Climatix POL909 (AWM and AWB)

Monitor6.4SSA-703715Nov 9, 2021

Attack VectorNetwork

Auth RequiredNone

ComplexityHigh

User InteractionRequired

Summary

Climatix POL909 (AWM and AWB modules) contains an information disclosure vulnerability in its communication protocol. The vulnerability allows a man-in-the-middle attacker to read sensitive data such as administrator credentials or modify data in transit due to lack of encryption or weak encryption of control communications.

What this means

What could happen

An attacker positioned between a user workstation and the Climatix POL909 controller could intercept and read credentials or modify configuration commands in transit. This could lead to unauthorized access to building automation functions or alteration of heating/cooling setpoints and schedules.

Who's at risk

Building automation and HVAC operators using Siemens Climatix POL909 controllers in water utilities, district heating systems, and municipal facilities for temperature and equipment control.

How it could be exploited

An attacker must first position themselves on the network path between a user's engineering workstation and the Climatix POL909 device (via ARP spoofing, DNS hijacking, or compromise of network infrastructure). The attacker then captures unencrypted traffic to extract sensitive data or inject malicious commands into the communication stream.

Prerequisites

Network position between user workstation and Climatix POL909 (man-in-the-middle capability)
No encryption or weak encryption on communication channel

remotely exploitablelow complexityman-in-the-middle attack

Exploitability

Low exploit probability (EPSS 0.1%)

Affected products (2)

2 with fix

ProductAffected VersionsFix Status

Climatix POL909 (AWB module)< V11.4211.42

Climatix POL909 (AWM module)< V11.3411.34

Remediation & Mitigation

0/4

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

Climatix POL909 (AWB module)

HOTFIXUpdate Climatix POL909 AWB module to firmware version 11.42 or later

Climatix POL909 (AWM module)

HOTFIXUpdate Climatix POL909 AWM module to firmware version 11.34 or later

Long-term hardening

0/2

HARDENINGImplement network segmentation to isolate Climatix POL909 from untrusted network segments

HARDENINGMonitor network traffic between workstations and Climatix POL909 for signs of man-in-the-middle activity

CVEs (1)

CVE-2021-40366

View full Siemens ProductCERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/94f405fd-948a-4026-a613-4700ea9d38c1