Multiple Vulnerabilities (INFRA:HALT) in Interniche IP-Stack based Low Voltage Devices
Plan Patch · 7.5 · SSA-789208 · Aug 4, 2021
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
Four vulnerabilities in the Interniche IP stack (INFRA:HALT) affect Siemens low-voltage power measurement and distribution devices. They are improper input validation (CWE-20) and weak random number generation (CWE-330) flaws in the network stack. Affected products are the SENTRON 7KM PAC Switched Ethernet PROFINET Expansion Module (all versions are affected; fixed releases exist for some version lines), SENTRON 3WA COM190, and SENTRON 3WL COM35. The vulnerabilities could allow unauthenticated remote attackers to cause device malfunction or denial of service.
What this means
What could happen
An attacker with network access could inject malformed packets into these power measurement and distribution devices, causing them to malfunction, go offline, or stop reporting accurate voltage and load data to your monitoring systems.
Who's at risk
Power utilities and industrial facilities using Siemens SENTRON low-voltage power measurement and distribution devices. The specifically affected products are the SENTRON 7KM PAC Switched Ethernet PROFINET Expansion Module (power analyzer/energy manager), SENTRON 3WA COM190 (motor control center communicator), and SENTRON 3WL COM35 (air circuit breaker communicator). If your facility monitors or manages electrical loads through these devices, you are affected.
How it could be exploited
An attacker on the network sends specially crafted packets targeting the Interniche IP stack on the device. The flaw lies in how the stack validates input (CWE-20, improper input validation), so an attacker can bypass authentication or trigger unexpected behavior without valid credentials. The device is directly reachable from the network via PROFINET or Ethernet.
Prerequisites
- Network reachability to the device on Ethernet/PROFINET
- No valid credentials required
- Device must be running an affected firmware version
- Remotely exploitable
- No authentication required
- Low complexity attack
- Network-accessible device
- Affects power distribution visibility
- One product version has no patch available
Exploitability
Low exploit probability (EPSS 0.7%)
Affected products (5)
5 with fix
Product | Affected Versions | Fix Status
SENTRON 7KM PAC Switched Ethernet PROFINET Expansion Module | < V2.1.6 | 2.1.6
SENTRON 7KM PAC Switched Ethernet PROFINET Expansion Module | < V3.0.4 | 3.0.4
SENTRON 3WA COM190 | < V2.0.0 | 2.0.0
SENTRON 3WL COM35 | < V1.2.0 | 1.2.0
SENTRON 7KM PAC Switched Ethernet PROFINET Expansion Module | All versions | 2.1.6, 3.0.4
Remediation & Mitigation
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
SENTRON 3WA COM190
HOTFIX: Update SENTRON 3WA COM190 to firmware v2.0.0 or later
SENTRON 3WL COM35
HOTFIX: Update SENTRON 3WL COM35 to firmware v1.2.0 or later
All products
HOTFIX: Update SENTRON 7KM PAC to firmware v2.1.6 or later
HOTFIX: Update SENTRON 7KM PAC to firmware v3.0.4 or later
Long-term hardening
HARDENING: Implement network segmentation to restrict direct Ethernet/PROFINET access to these devices from untrusted networks
HARDENING: Deploy firewall rules to limit inbound traffic to these devices to only authorized management and monitoring stations