Authentication Vulnerability in SIMATIC Process Historian
Act Now | CVSS 9.8 | SSA-766247 | Oct 12, 2021
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
An authentication bypass vulnerability exists in the configuration interface of redundant SIMATIC Process Historian instances. The vulnerability allows unauthenticated attackers to execute administrative database operations on affected versions. Affected versions include all SIMATIC Process Historian 2013, 2014 (before SP3 Update 6), 2019, and 2020 (before Update 2). The vulnerability is restricted to local access in recent versions starting from SIMATIC Process Historian 2020. Siemens recommends updating to patched versions where available.
What this means
What could happen
An attacker with network access to the configuration interface of redundant SIMATIC Process Historian instances can bypass authentication and execute administrative commands on the database, potentially altering historical data, process records, or system configuration without credentials.
Who's at risk
Organizations running SIMATIC Process Historian for data archival and reporting in water treatment, power distribution, chemical processing, and other critical infrastructure operations. Specifically affects facilities with redundant PH deployments (cluster configurations) used for high-availability monitoring and historian data storage.
How it could be exploited
An attacker on the network sends unauthenticated requests to the configuration interface of a redundant PH instance (typically port-based communication in the PH cluster). The vulnerability bypasses authentication checks, allowing the attacker to execute admin-level database operations directly.
Prerequisites
- Network access to the SIMATIC Process Historian configuration interface (default or custom port)
- Redundant PH instance configuration (vulnerability exists in cluster/HA setup)
- PH version 2013, 2014 SP3 Update 5 or earlier, 2019 (all), or 2020 Update 1 or earlier
remotely exploitable, no authentication required, low complexity, high CVSS (9.8), no patch available for PH 2013 and 2019
Exploitability
Low exploit probability (EPSS 0.3%)
Affected products (4)
2 with fix, 2 EOL
Product | Affected Versions | Fix Status
SIMATIC Process Historian 2020 | All versions | 2020 Update 2
SIMATIC Process Historian 2013 and earlier | All versions | No fix (EOL)
SIMATIC Process Historian 2014 | < SP3 Update 6 | SP3 Update 6 or later
SIMATIC Process Historian 2019 | All versions | No fix (EOL)
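To triage an asset inventory against the version boundaries stated in the Summary, the following added example (not part of the advisory and not Siemens code) maps an installed Process Historian version to the action listed for it. The inventory string format "<year> [SP<n>] [Update <n>]", the hostnames, and the ordering of levels by service pack before update number are assumptions.

```python
import re

# Fixed levels from the advisory, as (service pack, update) per release year.
FIXED_IN = {2014: (3, 6), 2020: (0, 2)}
FIX_NAME = {2014: "SP3 Update 6", 2020: "Update 2"}
EOL_NO_FIX = {2019}  # the advisory also lists "2013 and earlier" as EOL

# Assumed inventory format: "<year> [SP<n>] [Update <n>]".
_VERSION = re.compile(
    r"(\d{4})(?:\s+SP\s*(\d+))?(?:\s+Update\s*(\d+))?\s*$", re.IGNORECASE)


def parse_version(text):
    """Return (year, service_pack, update); missing parts count as 0."""
    m = _VERSION.search(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    year, sp, upd = m.groups()
    return int(year), int(sp or 0), int(upd or 0)


def triage(text):
    """Map one installed version to the action the advisory gives for it."""
    year, sp, upd = parse_version(text)
    if year <= 2013 or year in EOL_NO_FIX:
        return "no fix (EOL): segment and monitor"
    if year not in FIXED_IN:
        return "not listed in advisory"
    # Assumption: levels order by service pack first, then update number.
    if (sp, upd) < FIXED_IN[year]:
        return f"update to {FIX_NAME[year]} or later"
    return "at fixed level"


def triage_inventory(inventory):
    """Apply triage() to a {hostname: version string} mapping."""
    return {host: triage(version) for host, version in inventory.items()}


# Constructed inventory (hostnames and version strings are made up).
INVENTORY = {
    "ph-a": "2013",
    "ph-b": "2014 SP3 Update 5",
    "ph-c": "2014 SP3 Update 6",
    "ph-d": "2019",
    "ph-e": "2020 Update 1",
    "ph-f": "2020 Update 2",
}

if __name__ == "__main__":
    for host, action in triage_inventory(INVENTORY).items():
        print(f"{host}: {action}")
```

Hosts reported as "no fix (EOL)" are the ones that depend entirely on the segmentation, firewall and log-monitoring controls listed under Remediation & Mitigation.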
Remediation & Mitigation
Do now
HARDENING: For PH 2013 and 2019 (no vendor fix available), implement network segmentation to restrict access to the PH configuration interface to authorized engineering workstations and admin systems only
WORKAROUND: Implement firewall rules to block unauthenticated access to the PH configuration interface from untrusted network segments
Schedule — requires maintenance window
Patching may require device reboot; plan for process interruption
SIMATIC Process Historian 2014
HOTFIX: Update SIMATIC Process Historian 2014 to SP3 Update 6 or later
SIMATIC Process Historian 2020
HOTFIX: Update SIMATIC Process Historian 2020 to Update 2 or later
Mitigations - no patch available
The following products have reached End of Life with no planned fix: SIMATIC Process Historian 2013 and earlier, SIMATIC Process Historian 2019. Apply the following compensating controls:
HARDENING: Monitor access logs for the PH configuration interface for unauthorized connection attempts or admin commands
CVEs (1)