How to find Siemens devices on your network

Blain Smith

Rob King

Tom Sellers

Updated July 16, 2024, 5:00pm EDT

Latest Siemens vulnerabilities: SIMATIC S7-200 SMART Devices #

Siemens has disclosed a vulnerability in their SIMATIC S7-200 SMART Devices.

CVE-2024-35292 is rated high, with a CVSS score of 8.2, and allows attackers to predict IP ID sequence numbers as their base method of attack and eventually could allow an attacker to create a denial-of-service condition.

What is the impact? #

Successful exploitation of this vulnerability would allow an attacker to issue a denial-of-service condition.

Are updates or workarounds available? #

The only workaround is to restrict access to the network where the affected products are located by introducing strict access control mechanisms.

How to find potentially vulnerable systems with runZero #

From the Asset Inventory, use the following query to locate systems running potentially vulnerable software:

hw:SIMATIC

SENTRON, SCALANCE, and RUGGEDCOM vulnerabilities (March 2024) #

In March, 2024, Siemens released security advisories for a variety of products and devices, including the SENTRON, SCALANCE, and RUGGEDCOM product lines.

Several of the vulnerabilities had CVSS scores in the 7.0 to 8.9 range (high) and several more in the 9.0 to 10.0 range (critical).

For the full list of vulnerabilities, you can consult Siemens ProductCERT.

What was the impact? #

Several of these vulnerabilities allowed for unauthenticated remote code execution, allowing for compromise of the vulnerable systems. Other vulnerabilities could lead to privilege escalation, information disclosure, or denial of service. Users were urged to upgrade as quickly as possible.

Siemens released updates via a variety of channels. See Siemens ProductCERT for details.

How runZero users found potentially vulnerable systems
#

From the Asset Inventory, runZero users applied the following query to locate Siemens assets that were potentially vulnerable:

hardware:Siemens OR hardware:RuggedCom

Written by Blain Smith

Blain Smith is a Security Research Engineer at runZero. He spent most of his career in cloud and distributed systems for AAA gaming, entertainment, and networking working on some of the most popular games and systems millions of people play and watch daily. He has given numerous talks at conferences such as TEDx, GopherCon, and P99CONF. His shift into infosec has afforded him the ability to apply his distributed systems and networking knowledge to other industries such as IoT and OT.

More about Blain Smith

Written by Rob King

Rob King is the Director of Security Research at runZero. Over his career Rob has served as a senior researcher with KoreLogic, the architect for TippingPoint DVLabs, and helped get several startups off the ground. Rob helped design SC Magazine's Data Leakage Prevention Product of the Year for 2010, and was awarded the 3Com Innovator of the Year Award in 2009. He has been invited to speak at BlackHat, Shmoocon, SANS Network Security, and USENIX.

More about Rob King

Written by Tom Sellers

Tom Sellers is a Principal Research Engineer at runZero. In his 25 years in IT and Security he has built, broken, and defended networks for companies in the finance, service provider, and security software industries. He has built and operated Internet scale scanning and honeypot projects. He is credited on many patents for network deception techonology. A strong believer in Open Source he has contributed to projects such as Nmap, Metasploit, and Recog.

More about Tom Sellers