Multiple Vulnerabilities in Third-Party Component libcurl
Plan Patch | 7.5 | SSA-936080 | Mar 9, 2021
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
SCALANCE SC600 family, SIMATIC CM 1542-1, and SIMATIC CP 343-1 Advanced devices contain a vulnerability in the third-party libcurl component (CWE-125: out-of-bounds read) that allows remote denial-of-service. An attacker can send a crafted request to cause the device to crash or become unresponsive, disrupting network connectivity for industrial control systems. SCALANCE SC600 and CM 1542-1 have vendor updates available. CP 343-1 Advanced devices on versions V3.0.33, V3.0.44, and V3.0.53 have no patch planned. Siemens recommends network segmentation and access controls for unpatched devices.
What this means
What could happen
An attacker on the network could send a malformed request to these Siemens communication modules, causing them to crash or stop responding. This would disrupt network connectivity for critical control systems and engineering workstations.
Who's at risk
Siemens SCALANCE SC600 industrial switches, SIMATIC CM 1542-1 communication modules, and SIMATIC CP 343-1 Advanced Ethernet modules. These devices are critical network infrastructure in manufacturing, water/wastewater, and utility control systems where network outages directly impact process operations.
How it could be exploited
An attacker with network access to the device's management or communication interface sends a specially crafted HTTP request that triggers a buffer over-read in the libcurl library. This causes the process to crash, resulting in denial of service.
Prerequisites
- Network access to the affected device on the management/HTTP port
- No authentication required
- Remotely exploitable
- No authentication required
- Low complexity exploitation
- Affects network infrastructure for critical control systems
- No patch available for CP 343-1 Advanced
Exploitability
Moderate exploit probability (EPSS 1.7%)
Affected products (3)
2 with fix, 1 EOL

| Product | Affected Versions | Fix Status |
|---|---|---|
| SCALANCE SC600 Family | < V2.0 | 2.0 |
| SIMATIC CM 1542-1 | < V3.0 | 3.0 |
| SIMATIC CP 343-1 Advanced (incl. SIPLUS variants) | V3.0.33, V3.0.44 and V3.0.53 | No fix (EOL) |
Remediation & Mitigation
Do now
WORKAROUND: For SIMATIC CP 343-1 Advanced devices on affected versions (V3.0.33, V3.0.44, V3.0.53), implement network segmentation and firewall rules to restrict access to the device's management interface.
Schedule — requires maintenance window
Patching may require a device reboot; plan for process interruption.
SCALANCE SC600 Family
HOTFIX: Update SCALANCE SC600 family devices to firmware version 2.0 or later.
SIMATIC CM 1542-1
HOTFIX: Update SIMATIC CM 1542-1 devices to firmware version 3.0 or later.
Mitigations - no patch available
SIMATIC CP 343-1 Advanced (incl. SIPLUS variants) has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: Monitor Siemens Security Advisory SSA-436177 for additional libcurl vulnerabilities and apply patches when available.
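
To turn the affected-products table and the remediation steps above into an inventory check, the following added example (not part of the advisory and not Siemens tooling) sorts assets into update, segment, or manual-review buckets. It compares firmware versions numerically rather than as strings; the inventory rows, asset names and bucket labels are constructed for illustration.

```python
import re

# Rules transcribed from the advisory's affected-products table.
RULES = {
    "SCALANCE SC600 Family": {"fixed_in": (2, 0)},
    "SIMATIC CM 1542-1": {"fixed_in": (3, 0)},
    # EOL: only these exact versions are listed, and no fix will be released.
    "SIMATIC CP 343-1 Advanced": {"no_fix": {(3, 0, 33), (3, 0, 44), (3, 0, 53)}},
}

def parse_version(text):
    """'V3.0.44', 'v2.0', '1.10.2' -> tuple of ints; None if unparseable."""
    m = re.fullmatch(r"\s*[Vv]?(\d+(?:\.\d+)*)\s*", text or "")
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def pad(version, length):
    """Right-pad with zeros so (2, 0) and (2, 0, 0) compare equal."""
    return version + (0,) * (length - len(version))

def triage(product, firmware):
    """Map one inventory row to a remediation bucket (labels are this example's own)."""
    rule = RULES.get(product)
    if rule is None:
        return "not-in-advisory"
    version = parse_version(firmware)
    if version is None:
        return "verify-manually"  # never treat an unreadable version as safe
    if "no_fix" in rule:
        return "segment-no-fix" if version in rule["no_fix"] else "version-not-listed"
    width = max(len(version), len(rule["fixed_in"]))
    return "update" if pad(version, width) < pad(rule["fixed_in"], width) else "fixed"

# Constructed sample inventory (hypothetical asset names and firmware strings).
INVENTORY = [
    ("sc-cell-1", "SCALANCE SC600 Family", "V1.1"),
    ("sc-cell-2", "SCALANCE SC600 Family", "V2.0.1"),
    ("cm-line-3", "SIMATIC CM 1542-1", "v2.10"),
    ("cp-legacy", "SIMATIC CP 343-1 Advanced", "V3.0.44"),
    ("cp-unknown", "SIMATIC CP 343-1 Advanced", "unknown"),
]

def triage_inventory(rows=INVENTORY):
    """Return {asset name: bucket} for every inventory row."""
    return {asset: triage(product, fw) for asset, product, fw in rows}

if __name__ == "__main__":
    for asset, action in triage_inventory().items():
        print(f"{asset:12} {action}")
```

Assets in the `segment-no-fix` bucket are the ones that need the network segmentation workaround, since no firmware update will clear them.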
CVEs (1)