Siemens SIMATIC ET 200AL, ET 200MP, ET 200SP, and Couplers Denial-of-Service Vulnerability

A denial-of-service vulnerability has been identified in multiple Siemens SIMATIC products, including ET 200AL IM 157-1 PN, ET 200MP IM 155-5 PN HF, ET 200SP IM 155-6 MF HF, ET 200SP IM 155-6 PN HA, ET 200SP IM 155-6 PN R1, ET 200SP IM 155-6 PN/2 HF, ET 200SP IM 155-6 PN/3 HF, SIMATIC PN/MF Coupler, and SIMATIC PN/PN Coupler. The vulnerability arises because these devices do not properly manage S7 protocol session disconnect requests. When a valid S7 protocol Disconnect Request is received on TCP port 102, the devices enter an incorrect session state. This flaw can be exploited to make the device unresponsive, creating a denial-of-service condition that necessitates a power cycle to restore normal functionality.

Impact

Exploitation of this vulnerability leads to a denial-of-service condition, causing the device to become unresponsive and requiring a power cycle to restore normal operation.

Remediation

Siemens has released updates for several affected products. For products where no fix is currently available, it is recommended to restrict network access to the devices, filter port 102 to accept connections only from trusted IP addresses, and follow Siemens' operational guidelines for Industrial Security. Specific update instructions can be found on the Siemens Support website.