Missing Read Out Protection in SENTRON 7KM PAC3x20 Devices
Monitor4.6SSA-792319Mar 12, 2024
Attack VectorPhysical
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary
The read-out protection on the internal flash memory of SENTRON 7KM PAC3120 and PAC3220 devices was not properly enabled during manufacturing for units produced between October and December 2023 (firmware versions 3.2.3 and early 3.2.4). An attacker with physical access to an affected device can read the unprotected flash memory and extract sensitive data including configuration details and credentials. Siemens has released firmware version 3.2.4 to enable proper flash protection. Update to V3.2.4 or later.
What this means
What could happen
An attacker with physical access to a SENTRON 7KM PAC3x20 device manufactured during October-December 2023 can read the internal flash memory, potentially exposing sensitive configuration data, credentials, and device firmware details.
Who's at risk
Manufacturing facilities and utilities that use SENTRON 7KM PAC3x20 power monitoring and control devices for electrical distribution and load management. This particularly affects facilities with devices manufactured during the October-December 2023 window. The SENTRON line is commonly used in industrial control systems for real-time electrical monitoring.
How it could be exploited
An attacker must physically access the device and connect to the flash memory interface to read unprotected data. This could be done during a site visit, during maintenance, or if the device is temporarily removed from service. The attacker does not need to interact with the device's operational interfaces—only direct physical access to the hardware is required.
Prerequisites
- Physical access to the device
- Device must be manufactured between October 2023 and December 2023 (serial number range LQN231003 to LQN231215)
- Device running firmware version 3.2.3 or 3.2.4
Physical access requiredAffects specific manufacturing batchCredentials and configuration data exposure possibleLow complexity to exploit
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (4)
4 with fix
ProductAffected VersionsFix Status
SENTRON 7KM PAC3120 AC/DCAll versions ≥ V3.2.3 < V3.2.4 only when manufactured between LQN231003... and LQN231215... ( with LQNYYMMDD...)3.2.4
SENTRON 7KM PAC3120 DCAll versions ≥ V3.2.3 < V3.2.4 only when manufactured between LQN231003... and LQN231215... ( with LQNYYMMDD...)3.2.4
SENTRON 7KM PAC3220 AC/DCAll versions ≥ V3.2.3 < V3.2.4 only when manufactured between LQN231003... and LQN231215... ( with LQNYYMMDD...)3.2.4
SENTRON 7KM PAC3220 DCAll versions ≥ V3.2.3 < V3.2.4 only when manufactured between LQN231003... and LQN231215... ( with LQNYYMMDD...)3.2.4
Remediation & Mitigation
0/4
Do now
0/1HARDENINGIf firmware update is delayed, restrict physical access to affected devices and limit unauthorized personnel from accessing the device location
Schedule — requires maintenance window
0/3Patching may require device reboot — plan for process interruption
SENTRON 7KM PAC3120 AC/DC
HOTFIXUpdate SENTRON 7KM PAC3120 AC/DC and DC devices to firmware version 3.2.4 or later
SENTRON 7KM PAC3220 AC/DC
HOTFIXUpdate SENTRON 7KM PAC3220 AC/DC and DC devices to firmware version 3.2.4 or later
All products
HOTFIXPrioritize devices manufactured between October 2023 and December 2023 (serial number format LQNYYMMDD where YYMMDD is between 231003 and 231215) for update
CVEs (1)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/897e56c0-020b-46bf-a5a9-e717367b2215