OTPulse

Multiple Denial of Service Vulnerabilities in the Webserver of Industrial Products

Plan Patch · CVSS 7.5 · SSA-892915 · Dec 12, 2023
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Multiple denial of service vulnerabilities exist in the webserver of affected Siemens industrial automation products. An attacker with network access to the webserver could send specially crafted requests to crash the webserver service, causing loss of access to device management and monitoring interfaces. Vulnerabilities involve improper input validation and resource handling in webserver processing.

What this means
What could happen
An attacker could crash the webserver on these controllers, preventing engineers from accessing the device for monitoring and configuration. For systems relying on web-based access for operations or diagnostics, this could disrupt maintenance and troubleshooting capabilities.
Who's at risk
Siemens SIMATIC S7-400 CPU controllers (models 412-2 PN V7, 414-3 PN/DP V7, 414F-3 PN/DP V7, 416-3 PN/DP V7, 416F-3 PN/DP V7), SIMATIC PC-Station Plus, SIPLUS S7-400 variants (414-3 PN/DP V7, 416-3 PN/DP V7), and SINAMICS S120 drive systems. These are critical in manufacturing environments for process control, automation, and machine operation. Water utilities and electric utilities using these controllers for pump control, valve actuation, or SCADA interfaces are also affected.
How it could be exploited
An attacker on the network sends malformed HTTP requests to the webserver port on the affected device. The vulnerability in request processing causes the webserver process to crash, making the web interface unavailable until the device is manually restarted. No authentication is required.
Prerequisites
  • Network access to the webserver port (typically TCP 80 or 443) on the affected device
  • No authentication required
remotely exploitable · no authentication required · low complexity · no patch available (most products) · affects device manageability and diagnostics
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (9)
1 with fix · 1 pending · 7 EOL

| Product | Affected Versions | Fix Status |
|---|---|---|
| SIMATIC S7-400 CPU 412-2 PN V7 | All versions | No fix (EOL) |
| SIMATIC S7-400 CPU 414-3 PN/DP V7 | All versions | No fix (EOL) |
| SIMATIC PC-Station Plus | All versions | No fix yet |
| SINAMICS S120 (incl. SIPLUS variants) | All versions < V5.2 SP3 HF15 | 5.2 SP3 HF15 |
| SIMATIC S7-400 CPU 414F-3 PN/DP V7 | All versions | No fix (EOL) |
| SIMATIC S7-400 CPU 416-3 PN/DP V7 | All versions | No fix (EOL) |
| SIMATIC S7-400 CPU 416F-3 PN/DP V7 | All versions | No fix (EOL) |
| SIPLUS S7-400 CPU 414-3 PN/DP V7 | All versions | No fix (EOL) |

Remediation & Mitigation
Do now
  • HARDENING: For SIMATIC S7-400 controllers (all affected models) where no fix is available, implement network segmentation to restrict access to the webserver port: allow HTTP/HTTPS access only from authorized engineering workstations and monitoring systems
  • WORKAROUND: For SIMATIC S7-400 controllers where no fix is available, disable the webserver if it is not actively used for operations or monitoring
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption

  • HOTFIX: Update SINAMICS S120 and SIPLUS S120 controllers to firmware version V5.2 SP3 HF15 or later
Mitigations - no patch available
The following products have reached End of Life with no planned fix: SIMATIC S7-400 CPU 412-2 PN V7, SIMATIC S7-400 CPU 414-3 PN/DP V7, SIMATIC S7-400 CPU 414F-3 PN/DP V7, SIMATIC S7-400 CPU 416-3 PN/DP V7, SIMATIC S7-400 CPU 416F-3 PN/DP V7, SIPLUS S7-400 CPU 414-3 PN/DP V7, SIPLUS S7-400 CPU 416-3 PN/DP V7. Apply the following compensating controls:
  • HARDENING: Monitor webserver availability and implement automated restart procedures or alerting if the webserver process becomes unavailable
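
One way to implement the availability monitoring described above, as an added example that is not part of the advisory or any Siemens tooling. It alerts once per sustained outage and reports recovery after the device is restarted. The host address, probe interval, alert threshold and use of plain HTTP on TCP 80 are assumptions.

```python
import http.client
import time
from dataclasses import dataclass

def probe(host, port=80, timeout=3.0):
    """True if the webserver returns any HTTP response; refused, reset or timed out is False."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", "/")
        conn.getresponse().read()
        return True
    except (OSError, http.client.HTTPException):
        return False
    finally:
        conn.close()

@dataclass
class Watch:
    host: str
    down_after: int = 3  # consecutive failed probes before alerting (assumed threshold)
    fails: int = 0
    alerted: bool = False

    def update(self, ok):
        """Feed one probe result; return "DOWN", "RECOVERED" or None."""
        if ok:
            was_alerted, self.fails, self.alerted = self.alerted, 0, False
            return "RECOVERED" if was_alerted else None
        self.fails += 1
        if self.fails >= self.down_after and not self.alerted:
            self.alerted = True  # alert once per outage, not on every failed probe
            return "DOWN"
        return None

def replay(watch, results):
    # Run a recorded sequence of probe results through a Watch; return the events raised.
    return [e for e in map(watch.update, results) if e]

def monitor(hosts, port=80, interval=30):
    watches = [Watch(h) for h in hosts]
    while True:
        for w in watches:
            event = w.update(probe(w.host, port))
            if event:  # hand off to the site's alerting channel here
                print(f"{time.strftime('%Y-%m-%dT%H:%M:%S')} {w.host}:{port} webserver {event}")
        time.sleep(interval)

if __name__ == "__main__":
    monitor(["192.0.2.10"])  # placeholder address (TEST-NET-1), not from the advisory
```

Requiring several consecutive failures keeps a single dropped probe from paging anyone, while a crashed webserver that stays down until a manual restart still raises exactly one DOWN event.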