1. EXECUTIVE SUMMARY
- CVSS v3 7.1
- ATTENTION: Exploitable remotely/low skill level to exploit
- Vendor: Siemens
- Equipment: SIMATIC Ident MV420 and MV440 Families
- Vulnerabilities: Improper Privilege Management, Cleartext Transmission of Sensitive Information
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow a remote attacker to escalate privileges and view data transmitted between the device and the user.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following SIMATIC Ident families are affected:
- MV420: All versions
- MV440: All versions
3.2 VULNERABILITY OVERVIEW
An authenticated attacker could escalate privileges by sending specially crafted requests to the integrated webserver.
Communication with the device is not encrypted. Data transmitted between the device and the user can be obtained by an attacker in a privileged network position.
- CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing
- COUNTRIES/AREAS DEPLOYED: Worldwide
- COMPANY HEADQUARTERS LOCATION: Germany
Siemens PSIRT reported these vulnerabilities to NCCIC.
Siemens has identified the following specific workarounds and mitigations users can apply to reduce the risk:
- By setting the DISA bit, changes to the project by logged-in users can be prevented. Please refer to the Operating Instructions for more details: https://support.industry.siemens.com/cs/us/en/view/84553392
- Protect network access to affected devices.
For more information see Siemens security advisory SSA-816980, which can be found at the following link:
NCCIC recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:
NCCIC also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.
NCCIC also recommends that users take the following measures to protect themselves from social engineering attacks:
- Do not click web links or open unsolicited attachments in email messages.
- Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.
- Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.
No known public exploits specifically target these vulnerabilities.