Impact of Socket.IO CVE-2024-38355 on Siemens Industrial Products
Plan Patch · 7.3 · SSA-773256 · Sep 10, 2024
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
A Socket.IO vulnerability in multiple Siemens industrial products allows a remote attacker to send a specially crafted Socket.IO packet that triggers an uncaught exception in the Socket.IO server, causing the Node.js process to crash. This results in a denial-of-service condition affecting SCADA human-machine interface (HMI) software, industrial edge device user interfaces, and engineering/administrative tools.
What this means
What could happen
An attacker could crash the HMI or engineering software running on an industrial computer or edge device, causing loss of visibility and control of plant processes until the service is manually restarted. For real-time systems like PCS neo or WinCC Runtime Professional, a crash could interrupt operator control of critical production or utility operations.
Who's at risk
Manufacturing facilities and utilities using Siemens SCADA and HMI software should care about this. Specifically: operators and engineering staff using SIMATIC WinCC (versions 7.4, 7.5, 8.0) or SIMATIC PCS neo for process monitoring and control; industrial edge computing environments running Data Flow Monitoring IED UI or LiveTwin applications; and engineering teams using TIA Administrator for system management. Any facility where these tools are Internet-accessible or on shared networks is at risk.
How it could be exploited
An attacker with network access to the Socket.IO service (typically listening on port 3000 or another HTTP port on the industrial computer or edge device) sends a specially crafted Socket.IO packet. The malformed packet triggers an unhandled exception in the Node.js process, causing it to terminate and the service to become unavailable.
Prerequisites
- Network access to the Socket.IO service port on the affected industrial computer or edge device
- The industrial software (WinCC, PCS neo, etc.) must be running and the Socket.IO service active
- No authentication required to send the crafted packet
- Remotely exploitable
- No authentication required
- Low complexity
- Affects SCADA/HMI systems
- High availability impact (denial of service)
- Multiple affected products with legacy versions having no fix available
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (12)
10 with fix, 2 EOL

| Product | Affected Versions | Fix Status |
| --- | --- | --- |
| AI Model Deployer | < V1.1 | 1.1 |
| Data Flow Monitoring Industrial Edge Device User Interface (DFM IED UI) | < V0.0.6 | 0.0.6 |
| LiveTwin Industrial Edge app | < V2.4 | 2.4 |
| SIMATIC PCS neo V4.1 | All versions < V4.1 Update 2 | 4.1 Update 2 |
| SIMATIC PCS neo V5.0 | All versions < V5.0 Update 1 | 5.0 Update 1 |
| SIMATIC WinCC Runtime Professional V18 | All versions < V18 Update 5 | 18 Update 5 |
| SIMATIC WinCC Runtime Professional V19 | All versions < V19 Update 3 | 19 Update 3 |
| SIMATIC WinCC V7.5 | All versions < V7.5 SP2 Update 18 | 7.5 SP2 Update 18 |
Remediation & Mitigation
Do now
- WORKAROUND: Restrict network access to Socket.IO service ports (typically port 3000 and related) on industrial computers and edge devices using firewall rules; allow only engineering workstations and authorized operator interfaces
- WORKAROUND: Disable Socket.IO service when not actively needed for remote engineering or monitoring
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
SIMATIC WinCC Runtime Professional V18
- HOTFIX: Update SIMATIC WinCC Runtime Professional V18 to Update 5 or later
SIMATIC WinCC Runtime Professional V19
- HOTFIX: Update SIMATIC WinCC Runtime Professional V19 to Update 3 or later
SIMATIC WinCC V7.5
- HOTFIX: Update SIMATIC WinCC V7.5 to SP2 Update 18 or later
SIMATIC WinCC V8.0
- HOTFIX: Update SIMATIC WinCC V8.0 to Update 5 or later
SIMATIC PCS neo V4.1
- HOTFIX: Update SIMATIC PCS neo V4.1 to Update 2 or later
SIMATIC PCS neo V5.0
- HOTFIX: Update SIMATIC PCS neo V5.0 to Update 1 or later
TIA Administrator
- HOTFIX: Update TIA Administrator to V3.0.3 or later
AI Model Deployer
- HOTFIX: Update AI Model Deployer to V1.1 or later
LiveTwin Industrial Edge app
- HOTFIX: Update LiveTwin Industrial Edge app to V2.4 or later
All products
- HOTFIX: Update Data Flow Monitoring Industrial Edge Device UI to V0.0.6 or later
Mitigations - no patch available
The following products have reached End of Life with no planned fix: SIMATIC WinCC Runtime Professional V17, SIMATIC WinCC V7.4. Apply the following compensating controls:
- HARDENING: For SIMATIC WinCC Runtime Professional V17 and SIMATIC WinCC V7.4 (no fix available), isolate these systems from untrusted networks; implement strict network segmentation and firewall controls
- HARDENING: Plan migration from unsupported versions (V17, V7.4) to patched versions as part of lifecycle management
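An added example, not part of the Siemens advisory or of this page's original content: a Python triage helper that maps an asset inventory onto the fixed versions and end-of-life lines listed above. The exact-match product names, the version-string format, and the ordering (base version, then SP, then Update) are assumptions; the inventory entries are constructed.

```python
import re

# Fixed releases and end-of-life lines, copied from the remediation list above.
FIXED = {
    "SIMATIC WinCC Runtime Professional V18": "V18 Update 5",
    "SIMATIC WinCC Runtime Professional V19": "V19 Update 3",
    "SIMATIC WinCC V7.5": "V7.5 SP2 Update 18",
    "SIMATIC WinCC V8.0": "V8.0 Update 5",
    "SIMATIC PCS neo V4.1": "V4.1 Update 2",
    "SIMATIC PCS neo V5.0": "V5.0 Update 1",
    "TIA Administrator": "V3.0.3",
    "AI Model Deployer": "V1.1",
    "LiveTwin Industrial Edge app": "V2.4",
    "Data Flow Monitoring Industrial Edge Device UI": "V0.0.6",
}
EOL = {"SIMATIC WinCC Runtime Professional V17", "SIMATIC WinCC V7.4"}

_VERSION = re.compile(r"V?(\d+(?:\.\d+)*)(?:\s+SP(\d+))?(?:\s+Update\s+(\d+))?", re.I)

def version_key(text):
    """Map 'V7.5 SP2 Update 18' to ((7, 5), 2, 18); assumed order: base, SP, Update."""
    m = _VERSION.fullmatch(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    base = [int(p) for p in m.group(1).split(".")]
    while len(base) > 1 and base[-1] == 0:  # treat 'V8.0' and 'V8' as equal
        base.pop()
    return (tuple(base), int(m.group(2) or 0), int(m.group(3) or 0))

def triage(product, installed):
    """Return the action this advisory implies for one inventory entry."""
    if product in EOL:
        return "EOL: isolate and plan migration"
    if product not in FIXED:
        return "not listed in this advisory"
    try:
        patched = version_key(installed) >= version_key(FIXED[product])
    except ValueError:
        return "check manually"  # do not guess at an unparseable version
    return "patched" if patched else f"update to {FIXED[product]}"

if __name__ == "__main__":
    inventory = [  # constructed inventory, for illustration only
        ("SIMATIC WinCC V7.5", "V7.5 SP2 Update 17"),
        ("SIMATIC PCS neo V5.0", "V5.0 Update 1"),
        ("SIMATIC WinCC V7.4", "V7.4 SP1"),
    ]
    for product, installed in inventory:
        print(f"{product:45} {installed:20} -> {triage(product, installed)}")
```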
CVEs (1)