Security Experts:

Connect with us

Hi, what are you looking for?



Siemens Releases Patches to Prevent Remote Takeover of SIMATIC HMI Panels

Siemens has released patches for some of its SIMATIC human-machine interface (HMI) panels to address a high-severity vulnerability that can be exploited remotely to take full control of a device.

Siemens has released patches for some of its SIMATIC human-machine interface (HMI) panels to address a high-severity vulnerability that can be exploited remotely to take full control of a device.

SIMATIC HMI panels are designed for operator control and the monitoring of machines and plants.Siemens SIMATIC HMI vulnerability

Ta-Lun Yen, a researcher at TXOne Networks, an IIoT security-focused joint venture between Trend Micro and Moxa, discovered that these products are affected by a missing authentication issue related to the Telnet service. Affected devices that have Telnet enabled do not require any authentication, allowing a remote attacker to gain full access to a device, Siemens said.

The German industrial giant said the vulnerability (CVE-2020-15798) impacts SIMATIC HMI Comfort Panels, including SIPLUS products designed for extreme conditions, and SIMATIC HMI KTP Mobile Panels. Patches are included in v16 update 3a and later. All previous versions are affected.

In addition to installing the available patches, organizations can disable Telnet to prevent potential attacks exploiting this vulnerability. Siemens pointed out that Telnet is not enabled by default on the impacted devices.

TXOne’s Yen told SecurityWeek that he has not identified many devices that can be targeted from the internet, but noted that there may be some configurations that make them reachable over the intranet.

According to the researcher, an attacker could exploit the vulnerability to use the HMI as a foothold in the targeted network — the devices run Windows CE and he says there is no endpoint protection available.

He also believes an attacker could use the compromised HMI device to reach other systems, such as sensors and PLCs, or to disable them by sending them “weird values.” An attacker could also display inaccurate information in the HMI to avoid raising suspicion while they conduct other malicious activities that could cause damage to an industrial organization.

Yen said the vulnerability can also be leveraged to brick a device and temporarily prevent the operator from interacting with factory processes. It’s also possible to abuse the HMI for cryptocurrency mining, but this scenario is unlikely as it’s economically unfeasible, the researcher noted.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has also published an advisory to warn industrial organizations about the risk posed by this flaw. Trend Micro’s Zero Day Initiative (ZDI), which along with CISA helped coordinate disclosure, will also publish an advisory for this vulnerability in the upcoming period.

Related: Tens of Vulnerabilities in Siemens PLM Products Allow Code Execution

Related: Critical Vulnerabilities Expose Siemens LOGO! Controllers to Attacks

Related: Siemens, Schneider Electric Address Serious Vulnerabilities in ICS Products

Related: Open Source Tool Helps Secure Siemens PCS 7 Control Systems

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.


Security researchers have observed an uptick in attacks targeting CVE-2021-35394, an RCE vulnerability in Realtek Jungle SDK.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.


Google has awarded more than $25,000 to the researchers who reported the vulnerabilities patched with the release of the latest Chrome update.