OTPulse

Vulnerabilities in the BIOS of the SIMATIC S7-1500 TM MFP before V1.3.0

Act Now | CVSS 9.8 | SSA-831302 | Jun 13, 2023
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Multiple vulnerabilities exist in the BIOS of the SIMATIC S7-1500 TM MFP before V1.3.0, including memory corruption, buffer overflow, input validation, use-after-free, and integer overflow flaws. These flaws allow remote code execution without authentication. Siemens has released BIOS version 1.3.0 to address these issues.

What this means
What could happen
An attacker could exploit multiple BIOS vulnerabilities to execute arbitrary code on the S7-1500 TM MFP, potentially gaining full control over the programmable logic controller and disrupting industrial processes that depend on it.
Who's at risk
This affects operators of SIMATIC S7-1500 TM MFP controllers used in critical infrastructure including water treatment, power distribution, manufacturing, and any industrial process that relies on this PLC for automation and control logic.
How it could be exploited
An attacker with network access to the device can send specially crafted requests to trigger memory corruption, buffer overflow, or input validation flaws in the BIOS. This allows remote code execution without credentials, giving the attacker the ability to modify control logic, change process parameters, or halt operations.
Prerequisites
  • Network access to the SIMATIC S7-1500 TM MFP
  • No credentials or authentication required
  • Remotely exploitable
  • No authentication required
  • Low complexity attack
  • Actively exploited (KEV)
  • High EPSS score (59.4%)
  • Affects safety-critical control systems
  • Multiple vulnerability types including memory corruption and buffer overflows
Exploitability
Actively exploited — confirmed by CISA KEV
Affected products (1)
Product | Affected Versions | Fix Status
SIMATIC S7-1500 TM MFP - BIOS | <V1.3.0 | 1.3.0
Remediation & Mitigation
Do now
HOTFIX: Update SIMATIC S7-1500 TM MFP BIOS to version 1.3.0 or later
CVEs (72)