Siemens SIMATIC Products User Enumeration Vulnerability in Web Server

A user enumeration vulnerability has been identified in the web server of several Siemens SIMATIC products. This vulnerability arises because the login functionality does not normalize response times for login attempts, allowing an unauthenticated remote attacker to exploit this side-channel information to differentiate between valid and invalid usernames. The vulnerability affects various SIMATIC products, including the Drive Controller family, ET 200SP Open Controller CPU 1515SP PC2 (including SIPLUS variants), S7-1200 CPU family V4 (including SIPLUS variants), S7-1500 CPU family (including related ET 200 CPUs and SIPLUS variants), S7-1500 Software Controller, and S7-PLCSIM Advanced. The vulnerability is considered exploitable only via HTTP.

Impact

Exploitation of this vulnerability could lead to unauthorized identification of valid usernames, potentially allowing for targeted attacks such as password guessing or phishing.

Remediation

Siemens has released patches for the affected products. Users are advised to update to the latest versions. For specific update instructions, refer to the Siemens support website.