Siemens Patches DoS, Other Vulnerabilities in SIMATIC HMI Products

Researchers have identified three vulnerabilities in Siemens’ SIMATIC HMI devices. The German engineering giant has started releasing software updates to address the security holes in affected products.

The most severe of the issues is a resource exhaustion vulnerability (CVE-2015-2822) that can be leveraged by an attacker positioned between the HMI panel and a programmable logic controller (PLC) to cause a denial-of-service (DoS) condition in the HMI panel. The flaw can be exploited by sending specially crafted packets on TCP port 102, ICS-CERT and Siemens explained in advisories.

The fact that a malicious actor can launch this kind of man-in-the-middle (MitM) attack by positioning himself on the network path between a PLC and its communication partner is a separate vulnerability that has been assigned the CVE identifier CVE-2015-1601. An attacker can leverage this vulnerability to intercept or modify industrial communications, Siemens said.

The third flaw is related to authentication (CVE-2015-2823). Researchers have discovered that users can authenticate themselves not just with the actual passwords, but with the password hashes as well.

“If attackers obtain password hashes for SIMATIC WinCC users, they could possibly use the hashes to authenticate themselves,” ICS-CERT explained.

The remotely exploitable vulnerabilities affect SIMATIC HMI Basic Panels (1st and 2nd generation), HMI Comfort Panels, WinCC Runtime Advanced, WinCC Runtime Professional, HMI Mobile Panels, HMI Multi Panels, NET PC-Software (V12 and V13), WinCC V7.x, and the SIMATIC Automation Tool. These products are used for controlling and monitoring machines and plants, communications between controllers and PC-based solutions, and controlling and monitoring physical processes.

Siemens has released updates for most of the impacted products. The company says it’s currently preparing patches for SIMATIC HMI Basic Panels 1st Generation, HMI Mobile Panel 277, and HMI Multi Panels.

Until the fixes become available, organizations are advised to apply defense-in-depth recommendations, use VPNs to protect network communications, and apply the cell protection concept described in Siemens’ operational guidelines for industrial security. Since two of the vulnerabilities can be exploited through port 102/TCP, ICS-CERT recommends blocking all external traffic to that port.
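To verify that the 102/TCP restriction and cell boundaries described above actually hold, flow logs can be audited for connections that cross a cell boundary. The following Python audit is an added example, not code from Siemens, ICS-CERT or this article; the cell subnets, VPN gateway address, log format and sample records are constructed assumptions.

```python
import ipaddress

# Assumption: each production cell is one subnet; only hosts inside the same
# cell may reach a device on 102/TCP. Names and ranges are constructed.
CELLS = {
    "cell-a": ipaddress.ip_network("10.10.1.0/24"),
    "cell-b": ipaddress.ip_network("10.10.2.0/24"),
}
# Assumption: VPN concentrator addresses allowed to cross cell boundaries.
VPN_GATEWAYS = {ipaddress.ip_address("10.10.0.5")}

# Constructed sample flow records: "time src dst proto dport"
SAMPLE_FLOWS = """\
2015-04-20T08:00:01Z 10.10.1.20 10.10.1.50 tcp 102
2015-04-20T08:00:07Z 10.10.2.31 10.10.1.50 tcp 102
2015-04-20T08:01:12Z 192.0.2.44 10.10.1.50 tcp 102
2015-04-20T08:02:30Z 10.10.0.5 10.10.2.60 tcp 102
2015-04-20T08:03:02Z 192.0.2.44 10.10.1.50 tcp 443
malformed line
"""

def cell_of(addr):
    """Return the name of the cell containing addr, or None."""
    return next((n for n, net in CELLS.items() if addr in net), None)

def find_violations(log_text, port=102):
    """Return (time, src, dst, reason) for port/TCP flows that cross a cell boundary."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed records rather than abort the audit
        ts, src_s, dst_s, proto, dport = parts
        if proto.lower() != "tcp" or dport != str(port):
            continue
        try:
            src, dst = ipaddress.ip_address(src_s), ipaddress.ip_address(dst_s)
        except ValueError:
            continue
        dst_cell = cell_of(dst)
        if dst_cell is None or src in VPN_GATEWAYS or cell_of(src) == dst_cell:
            continue  # not a protected device, or an allowed peer
        reason = "external" if cell_of(src) is None else "cross-cell"
        hits.append((ts, src_s, dst_s, reason))
    return hits

if __name__ == "__main__":
    for hit in find_violations(SAMPLE_FLOWS):
        print(*hit)
```

Any record this returns is a path on which traffic to 102/TCP reached a device from outside its cell and should be closed at the cell firewall.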

The MitM and resource exhaustion vulnerabilities were reported to Siemens by the Quarkslab team. The authentication bug was identified by Ilya Karpov of Positive Technologies.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
