Skip to main content
Cybersecurity

Exploring Siemens OPC UA: A Comprehensive Guide

Exploring Siemens OPC UA: A Comprehensive Guide

1. EXECUTIVE SUMMARY

  • CVSS v4 9.3
  • ATTENTION: Exploitable remotely/low attack complexity
  • Vendor: Siemens
  • Equipment: OPC UA
  • Vulnerabilities: Observable Timing Discrepancy, Authentication Bypass by Primary Weakness

2. RISK EVALUATION

The vulnerabilities identified in Siemens’ OPC UA products pose significant risks to industrial control systems. Successful exploitation could allow an attacker to bypass application authentication, thereby gaining unauthorized access to sensitive data managed by the server. This could lead to data breaches, operational disruptions, and potential safety hazards in critical infrastructure sectors.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

Siemens has reported that the following products are affected by the identified vulnerabilities:

  • Industrial Edge for Machine Tools (formerly known as “SINUMERIK Edge”): All versions (CVE-2024-42513)
  • SIMIT V11: All versions (CVE-2024-42512)
  • SIMATIC BRAUMAT: All versions from V8.0 SP1 up to but not including V8.1 (CVE-2024-42513)
  • SIMATIC Energy Manager PRO: All versions from V7.5 up to but not including V7.5 Update 2
  • SIMATIC Energy Manager PRO: All versions after V7.2 Update 6
  • SIMATIC IPC DiagMonitor: All versions (CVE-2024-42513)
  • SIMATIC SISTAR: All versions from V8.0 SP1 up to but not including V8.1 (CVE-2024-42513)
  • SIMATIC WinCC Unified V18: All versions (CVE-2024-42513)
  • SIMATIC WinCC Unified V19: All versions before V19 Update 4 (CVE-2024-42513)
  • SIMATIC WinCC V8.0: All versions before V8.0 Update 3 (CVE-2024-42513)

3.2 VULNERABILITY OVERVIEW

3.2.1 OBSERVABLE TIMING DISCREPANCY CWE-208

This vulnerability exists in the OPC UA .NET standard stack prior to version 1.5.374.158, allowing unauthorized attackers to bypass application authentication when the deprecated Basic128Rsa15 security policy is enabled. The vulnerability is identified as CVE-2024-42512, with a CVSS v3 base score of 7.4 and a CVSS v4 base score of 9.1.

3.2.2 AUTHENTICATION BYPASS BY PRIMARY WEAKNESS CWE-305

This vulnerability also exists in the OPC UA .NET standard stack prior to version 1.5.374.158, allowing unauthorized attackers to bypass application authentication when using HTTPS endpoints. This vulnerability is identified as CVE-2024-42513, with a CVSS v3 base score of 9.1 and a CVSS v4 base score of 9.3.

3.3 BACKGROUND

  • CRITICAL INFRASTRUCTURE SECTORS: Chemical, Critical Manufacturing, Energy, Food and Agriculture, Water and Wastewater Systems
  • COUNTRIES/AREAS DEPLOYED: Worldwide
  • COMPANY HEADQUARTERS LOCATION: Germany

3.4 RESEARCHER

Siemens reported these vulnerabilities to the Cybersecurity and Infrastructure Security Agency (CISA).

4. MITIGATIONS

Siemens has identified specific workarounds and mitigations that users can apply to reduce risk:

  • SIMATIC Energy Manager PRO: Update to V7.5 Update 2 or later version.
  • (CVE-2024-42512) SIMATIC Energy Manager PRO, SIMIT V11: Currently no fix is available.
  • (CVE-2024-42513) SIMATIC WinCC Unified V18, SIMATIC WinCC Unified V19: The affected functionality (HTTPS endpoint in OPC UA server) is deactivated by default in Unified RT. Systems running with default configuration are therefore not affected by this vulnerability.
  • (CVE-2024-42513) SIMATIC IPC DiagMonitor: The affected functionality (HTTPS endpoint in OPC UA Server) is deactivated by default. Systems running with default configuration are therefore not affected by this vulnerability.
  • (CVE-2024-42513) Industrial Edge for Machine Tools, SIMATIC IPC DiagMonitor: Currently no fix is planned.
  • (CVE-2024-42513) SIMATIC Energy Manager PRO, SIMATIC WinCC Unified V18: Currently no fix is available.
  • (CVE-2024-42513) SIMATIC WinCC Unified V19: Update to V19 Update 4 or later version.
  • (CVE-2024-42513) SIMATIC WinCC V8.0: Update to V8.0 Update 3 or later version.
  • (CVE-2024-42513) SIMATIC BRAUMAT, SIMATIC SISTAR: Update to V8.1 or later version.

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens advises configuring the environment according to <a href="https://www.siemens.com/cert/operational