Denial of Service Vulnerability in TIA Administrator

Plan Patch7.5SSA-711829Apr 12, 2022

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

A vulnerability in TIA Administrator allows an unauthenticated attacker to cause a denial of service by sending a malformed network request. The service does not properly validate input, leading to resource exhaustion and service crash. Affected products include SIMATIC PCS neo Administration Console (versions before 3.1 SP1), SINETPLAN (all versions), and TIA Portal (V15, V15.1, V16, V17).

What this means

What could happen

An unauthenticated attacker on the network can crash the TIA Administrator service, making it unavailable for engineering staff to monitor or modify PLC configurations and setpoints. This could delay response to process issues or prevent emergency changes to control logic.

Who's at risk

Engineering and automation staff using Siemens TIA Portal and SIMATIC PCS neo for PLC programming and process monitoring. Affects users with V15, V15.1, V16, or V17 of TIA Portal; all versions of SINETPLAN; and SIMATIC PCS neo Administration Console versions before 3.1 SP1.

How it could be exploited

An attacker sends a specially crafted network request to the TIA Administrator service (which runs unprotected on the network). The service processes the request without proper validation, exhausts memory or CPU resources, and crashes. The attacker does not need valid credentials or physical access.

Prerequisites

Network access to TIA Administrator service port
Unauthenticated access (no credentials required)

Remotely exploitableNo authentication requiredLow complexity attackAffects engineering workstations and control system administration

Exploitability

Low exploit probability (EPSS 0.2%)

Affected products (3)

1 with fix1 pending1 EOL

ProductAffected VersionsFix Status

SIMATIC PCS neo (Administration Console)< V3.1 SP13.1 SP1

TIA PortalV15, V15.1, V16 and V17No fix yet

SINETPLANAll versionsNo fix (EOL)

Remediation & Mitigation

0/4

Do now

0/1

HARDENINGImplement network firewall rules to restrict access to TIA Administrator port to authorized engineering workstations and subnets only

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

SIMATIC PCS neo (Administration Console)

HOTFIXUpdate SIMATIC PCS neo Administration Console to version 3.1 SP1 or later

All products

HOTFIXUpdate TIA Administrator to version 1.0 SP7 or later

Mitigations - no patch available

0/1

SINETPLAN has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:

HARDENINGIsolate TIA Administrator service on a dedicated engineering network segment with restricted inbound access

CVEs (1)

CVE-2022-27194

View full Siemens ProductCERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/5332aa57-dec1-4106-b2f0-9bbc2d27b44e