OTPulse
FeedAboutContact

Unused HTTP Service on SENTRON 3KC ATC6 Ethernet Module

Monitor7.5SSA-918992Mar 12, 2024
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary

SENTRON 3KC ATC6 Expansion Module Ethernet (3KC9000-8TL75) exposes an unstable, unused HTTP service on port 80/tcp. An attacker on the Modbus-TCP network can trigger a crash or reboot of the device through malformed HTTP requests, causing the device to become unavailable and disrupting communications with connected monitoring and control systems.

What this means
What could happen
An attacker on the Modbus-TCP network can send crafted requests to the unused HTTP service, causing the device to become unstable or reboot, disrupting monitoring and control of power distribution equipment connected to the SENTRON 3KC ATC6 module.
Who's at risk
This vulnerability affects organizations operating Siemens SENTRON 3KC ATC6 power distribution monitoring and control systems. Facilities managing electrical substations, data centers, and industrial plants that rely on this module for power management and monitoring should prioritize protection of the Modbus network.
How it could be exploited
An attacker with network access to port 80/tcp on the Modbus-TCP Ethernet module crafts HTTP requests that trigger a defect in the unstable HTTP service. The malformed requests cause the device to crash or reboot, cutting off communication with connected monitoring and control systems.
Prerequisites
  • Network access to port 80/tcp on the Modbus-TCP Ethernet interface of the SENTRON 3KC ATC6 module
  • Device running any version of firmware (no version constraints)
remotely exploitableno authentication requiredlow complexityno patch availableaffects safety systems
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (1)
ProductAffected VersionsFix Status
SENTRON 3KC ATC6 Expansion Module Ethernet (3KC9000-8TL75)All versionsNo fix (EOL)
Remediation & Mitigation
0/3
Do now
0/2
WORKAROUNDRestrict network access to port 80/tcp on the Modbus-TCP Ethernet module using firewall rules or network segmentation until a vendor patch is available
HARDENINGIsolate the SENTRON 3KC ATC6 module to a dedicated, access-controlled Modbus network segment separate from general IT and untrusted networks
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HOTFIXMonitor Siemens security advisories for availability of firmware updates that address this vulnerability and apply them during the next scheduled maintenance window
View full Siemens ProductCERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/dfd8f56a-a9da-4e63-bf09-e940c8b0666b
Unused HTTP Service on SENTRON 3KC ATC6 Ethernet Module | CVSS 7.5 - OTPulse