OTPulse

Multiple Vulnerabilities in SIMATIC CN 4100 before V2.7

Act Now
CVSS: 9.8
Advisory: SSA-777015
Published: Jan 9, 2024
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

SIMATIC CN 4100 devices running firmware before V2.7 contain multiple critical vulnerabilities that let an unauthenticated remote attacker bypass authorization through a user-controlled key, log in with default credentials, or change the device's IP address without authentication. Successful exploitation yields root-level access to the device, allowing an attacker to modify its configuration, disrupt its network connectivity, or cause a denial-of-service condition. The weaknesses are classified as CWE-639 (authorization bypass through user-controlled key), CWE-20 (improper input validation), and CWE-1392 (use of default credentials).

What this means
What could happen
An attacker could remotely bypass authentication and gain root-level access to the CN 4100, allowing them to modify process configurations, alter network settings, or disable the device entirely and disrupt operations at your facility.
Who's at risk
Water utilities and municipal electric systems using SIMATIC CN 4100 industrial PCs as automation controllers, HMIs, or network appliances in their SCADA or process control networks should prioritize this update. The CN 4100 is commonly deployed in critical infrastructure environments where loss of access or system compromise could halt operations.
How it could be exploited
An attacker with network access to the device could use the unauthenticated IP-configuration change to disrupt connectivity, log in with default credentials, or bypass authorization checks by supplying a user-controlled key. Any of these paths ends with root access, at which point the attacker can run arbitrary commands on the CN 4100.
Prerequisites
  • Network access to the CN 4100 device
  • Device must be running firmware version before V2.7
  • No authentication credentials required for initial exploitation vectors
Tags: remotely exploitable · no authentication required · low complexity · high CVSS score (9.8) · default credentials · affects critical infrastructure
Exploitability
Low exploit probability (EPSS 0.4%)
Affected products (1)
Product            Affected Versions   Fix Status
SIMATIC CN 4100    < V2.7              Fixed in V2.7
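The affected-version boundary above is the one check most operators need to run against their own asset list. The following is an added example, not code from OTPulse or Siemens: it flags SIMATIC CN 4100 entries whose firmware is below V2.7 and shows why version strings must be compared numerically rather than as text (lexically, "V2.10" sorts below "V2.7" and would be reported as affected). The inventory rows, host names and the `V<major>.<minor>[.<patch>]` version format are assumptions made for the example.

```python
import re
from typing import Dict, List, Tuple

# Values taken from the advisory.
AFFECTED_PRODUCT = "SIMATIC CN 4100"
FIXED_VERSION = "V2.7"

# Assumed firmware version format: optional 'V'/'v' prefix, dot-separated integers.
_VERSION_RE = re.compile(r"^[Vv]?(\d+(?:\.\d+)*)$")


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn 'V2.7', 'v2.7.1' or '2.10' into a tuple of ints.

    Tuples compare field by field, so (2, 10) > (2, 7) and (2, 7, 1) > (2, 7),
    which is the ordering a firmware version string is meant to express.
    """
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised firmware version string: {version!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def is_affected(product: str, version: str) -> bool:
    """True when the row is a SIMATIC CN 4100 running firmware below V2.7."""
    if product.strip() != AFFECTED_PRODUCT:
        return False
    return parse_version(version) < parse_version(FIXED_VERSION)


def naive_is_affected(product: str, version: str) -> bool:
    """The pitfall: plain string comparison. Kept only to show the false positive
    it produces for 'V2.10' (lexically '1' < '7'). Do not use this."""
    return product.strip() == AFFECTED_PRODUCT and version.strip() < FIXED_VERSION


def triage(inventory: List[Dict[str, str]]) -> Tuple[List[Dict[str, str]], List[Dict[str, str]]]:
    """Split an inventory into rows needing the V2.7 update and rows whose
    version string could not be parsed (those need a manual check, not silence)."""
    affected, unparseable = [], []
    for dev in inventory:
        try:
            if is_affected(dev["product"], dev["firmware"]):
                affected.append(dev)
        except ValueError:
            unparseable.append(dev)
    return affected, unparseable


# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE_INVENTORY = [
    {"host": "cn4100-01", "product": "SIMATIC CN 4100", "firmware": "V2.6"},
    {"host": "cn4100-02", "product": "SIMATIC CN 4100", "firmware": "V2.7"},
    {"host": "cn4100-03", "product": "SIMATIC CN 4100", "firmware": "V2.10"},
    {"host": "cn4100-04", "product": "SIMATIC CN 4100", "firmware": "v2.7.1"},
    {"host": "cn4100-05", "product": "SIMATIC CN 4100", "firmware": "unknown"},
    {"host": "other-01",  "product": "Other device",    "firmware": "V1.0"},
]

if __name__ == "__main__":
    need_update, review = triage(SAMPLE_INVENTORY)
    print("Update to V2.7 or later:", [d["host"] for d in need_update])
    print("Version unreadable, review manually:", [d["host"] for d in review])
    # Demonstrate the lexical false positive on the V2.10 host.
    print("naive check on V2.10:", naive_is_affected("SIMATIC CN 4100", "V2.10"))
```

Rows with an unreadable version string are returned separately rather than dropped, because a device whose firmware you cannot read is exactly the one that deserves a visit during the maintenance window.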
Remediation & Mitigation
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update SIMATIC CN 4100 to firmware version V2.7 or later