Denial of Service Vulnerability in SIMATIC RFID Readers
Recommended action: Plan Patch
CVSS score: 7.5
Advisory ID: SSA-787292
Published: Jun 8, 2021
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
SIMATIC RFID reader devices (RF610R, RF615R, RF650R, RF680R, RF685R, RF166C, RF185C, RF186C, RF186CI, RF188C, RF188CI, and RF360R) contain a vulnerability that allows an unauthenticated attacker with network access to crash the OPC UA service on the affected device. The weakness is classified as CWE-400 (Uncontrolled Resource Consumption): the OPC UA service does not properly handle certain network input. Successful exploitation causes a denial of service of the OPC UA interface, which prevents the reader from communicating with control systems over OPC UA. Affected firmware versions are: RF6xx R series versions 3.0 through 3.x (fixed in 4.0), RF1xx C series versions 1.1 through 1.3.1 (fixed in 1.3.2), and RF360R prior to version 2.0 (fixed in 2.0). Siemens recommends updating to the patched versions as soon as possible.
What this means
What could happen
An attacker can remotely crash the OPC UA service on SIMATIC RFID readers, causing the reader to stop communicating with control systems and interrupting inventory tracking, asset management, or manufacturing process automation that depends on RFID data.
Who's at risk
Manufacturing and material handling operations that use Siemens SIMATIC RFID readers for inventory tracking, asset management, or manufacturing process control. This includes automotive suppliers, electronics assembly plants, pharmaceutical manufacturers, warehouses, and any facility using RFID for automation. Multiple reader models are affected across different regional variants (FCC, ETSI, CMIIT, ARIB).
How it could be exploited
An attacker with network access to the reader sends malformed or excessive requests to the OPC UA service listening on the reader. The service fails to handle the input properly and crashes. Once the OPC UA service has stopped, the reader can no longer report tag reads or accept commands from the control system over that interface.
Prerequisites
- Network access to the OPC UA port on the RFID reader (typically port 4840)
- No authentication required
Tags: remotely exploitable · no authentication required · low complexity · high availability impact
Exploitability
Low exploit probability: EPSS score 0.5% (the estimated probability that the vulnerability is exploited in the wild within the next 30 days). EPSS reflects observed exploitation activity, not impact; an unauthenticated network DoS against production readers still warrants patching on the next maintenance window.
Affected products (25; a fix is available for all 25; first 5 rows shown)
Product                      | Affected Versions | Fixed In
SIMATIC Reader RF610R CMIIT  | > V3.0 < V4.0     | 4.0
SIMATIC Reader RF610R ETSI   | > V3.0 < V4.0     | 4.0
SIMATIC Reader RF610R FCC    | > V3.0 < V4.0     | 4.0
SIMATIC Reader RF615R CMIIT  | > V3.0 < V4.0     | 4.0
SIMATIC Reader RF615R ETSI   | > V3.0 < V4.0     | 4.0
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to the OPC UA port (typically TCP 4840) on the RFID readers to the authorized control systems and engineering workstations that need it, using firewall rules.
Schedule (requires maintenance window)
Patching may require a device reboot; plan for the resulting process interruption.
SIMATIC RF1xx C
HOTFIX: Update SIMATIC RF166C, RF185C, RF186C, RF186CI, RF188C, and RF188CI to firmware version 1.3.2 or later.
SIMATIC RF360R
HOTFIX: Update SIMATIC RF360R to firmware version 2.0 or later.
SIMATIC RF6xx R
HOTFIX: Update SIMATIC Reader RF610R, RF615R, RF650R, RF680R, and RF685R to firmware version 4.0 or later.
Long-term hardening
HARDENING: Segment the RFID readers onto a separate industrial control network that is not directly reachable from the general plant network or from the internet.
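The following script is an added example, not part of this advisory and not Siemens tooling. It triages a reader inventory against the affected version ranges and fix releases stated on this page (Summary and Remediation sections) and, for each affected reader, renders an nftables fragment implementing the "do now" workaround of allowlisting the OPC UA port. Assumptions: the RF6xx R lower bound is taken inclusive of 3.0 as the Summary states (the table text reads "> V3.0"); the hostnames, addresses, firmware strings and client addresses are constructed sample data; TCP 4840 is the registered OPC UA default and must be confirmed against each reader's configuration.

```python
"""Triage SIMATIC RFID readers against SSA-787292 (added example, constructed data)."""
from __future__ import annotations

import re

# Affected ranges from this advisory: (inclusive lower bound, exclusive upper
# bound, first fixed release).  RF6xx R lower bound taken inclusive of 3.0 as
# the Summary states ("3.0 through 3.x"); RF1xx C covers 1.1 .. 1.3.1 and is
# fixed in 1.3.2; RF360R is every release below 2.0.
_RF6XX = ((3, 0, 0), (4, 0, 0), "4.0")
_RF1XX = ((1, 1, 0), (1, 3, 2), "1.3.2")
_RF360 = ((0, 0, 0), (2, 0, 0), "2.0")
ADVISORY: dict[str, tuple[tuple[int, ...], tuple[int, ...], str]] = {
    "RF610R": _RF6XX, "RF615R": _RF6XX, "RF650R": _RF6XX,
    "RF680R": _RF6XX, "RF685R": _RF6XX,
    "RF166C": _RF1XX, "RF185C": _RF1XX, "RF186C": _RF1XX,
    "RF186CI": _RF1XX, "RF188C": _RF1XX, "RF188CI": _RF1XX,
    "RF360R": _RF360,
}

_MODEL_RE = re.compile(r"\bRF\d{3}[A-Z]{1,2}\b")
_VERSION_RE = re.compile(r"\s*[vV]?(\d+(?:\.\d+)*)\s*")


def parse_version(text: str) -> tuple[int, ...]:
    """'V3.1' -> (3, 1, 0): optional 'V' prefix accepted, padded to three fields."""
    m = _VERSION_RE.fullmatch(text)
    if not m:
        raise ValueError(f"unparseable firmware version: {text!r}")
    parts = tuple(int(p) for p in m.group(1).split("."))
    return parts + (0,) * max(0, 3 - len(parts))


def normalize_model(product: str) -> str | None:
    """'SIMATIC Reader RF610R CMIIT' -> 'RF610R' (regional variant suffix dropped)."""
    m = _MODEL_RE.search(product)
    return m.group(0) if m else None


def check_reader(product: str, firmware: str) -> dict:
    """Classify one reader as 'affected', 'not affected' or 'not listed'."""
    model = normalize_model(product)
    if model is None or model not in ADVISORY:
        return {"model": model, "status": "not listed", "fix": None}
    low, high, fix = ADVISORY[model]
    affected = low <= parse_version(firmware) < high
    return {"model": model,
            "status": "affected" if affected else "not affected",
            "fix": fix if affected else None}


def opcua_allowlist(reader_ip: str, allowed_clients: list[str], port: int = 4840) -> str:
    """nftables rules for the interim workaround: only allowed_clients may reach the
    reader's OPC UA port; any other traffic to that port is dropped.  Port 4840 is an
    assumption (the registered OPC UA default); confirm the port set on the reader."""
    clients = ", ".join(allowed_clients)
    return "\n".join([
        f"ip daddr {reader_ip} tcp dport {port} ip saddr {{ {clients} }} accept",
        f"ip daddr {reader_ip} tcp dport {port} drop",
    ])


# Constructed sample inventory: hostnames, addresses and firmware are invented.
INVENTORY = [
    {"host": "rfid-line1-01", "ip": "10.20.5.11", "product": "SIMATIC Reader RF610R ETSI", "firmware": "V3.2"},
    {"host": "rfid-line1-02", "ip": "10.20.5.12", "product": "SIMATIC Reader RF680R FCC", "firmware": "V4.0"},
    {"host": "rfid-wh-01", "ip": "10.20.6.21", "product": "SIMATIC RF186CI", "firmware": "V1.3.1"},
    {"host": "rfid-wh-02", "ip": "10.20.6.22", "product": "SIMATIC RF360R", "firmware": "V1.8"},
    {"host": "rfid-wh-03", "ip": "10.20.6.23", "product": "SIMATIC RF188C", "firmware": "V1.3.2"},
]
OPCUA_CLIENTS = ["10.20.1.10", "10.20.1.11"]  # constructed: the PLC and the engineering workstation


def triage(inventory: list[dict], clients: list[str]) -> list[dict]:
    """One finding per reader; affected readers also carry the firewall fragment."""
    findings = []
    for reader in inventory:
        result = check_reader(reader["product"], reader["firmware"])
        finding = {"host": reader["host"], **result}
        if result["status"] == "affected":
            finding["workaround"] = opcua_allowlist(reader["ip"], clients)
        findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in triage(INVENTORY, OPCUA_CLIENTS):
        line = f"{f['host']:14} {f['model'] or '?':8} {f['status']}"
        if f["status"] == "affected":
            line += f"  -> update to {f['fix']}; interim nft rules:\n{f['workaround']}"
        print(line)
```

Run it against the real inventory export, then re-run it after each maintenance window with the updated firmware strings to confirm no reader is still reported as affected. The rendered nftables lines belong in a chain on the forward hook of the firewall that separates the reader segment from the rest of the plant network; the allowlist only helps if that firewall is actually on the path between untrusted hosts and the readers.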
CVEs (1)