What is the critical vulnerability in Siemens SENTRON 7KM PAC3200?

The critical vulnerability in Siemens SENTRON 7KM PAC3200 is tracked as CVE-2024-41798 with a CVSS score of 9.3. It allows attackers to gain administrator access by brute-forcing the four-digit PIN, providing full control over the device.

How does the vulnerability in the PAC3200 work?

The PAC3200 is protected by a four-digit PIN, which can be easily brute-forced because there are only 10,000 possible combinations. This enables attackers to try each combination until the correct PIN is found, gaining full administrative access to the device.

What risks does this vulnerability pose?

Once an attacker gains administrator access, they can change device settings, reset energy counts, or even reset the device entirely. The device’s Modbus TCP interface, which communicates in cleartext, can be exploited to intercept the PIN without brute-forcing.

Is there a security patch available for the PAC3200?

No, Siemens has not planned any security patches for the SENTRON 7KM PAC3200 since it is an end-of-life product. Users are advised to implement network restrictions and consider upgrading to the newer SENTRON 7KM PAC3220 model for better security.

What steps can users take to mitigate this vulnerability?

Siemens advises users to restrict network access to PAC3200 devices, follow Siemens' industrial security guidelines, and consider upgrading to the SENTRON 7KM PAC3220, which offers enhanced security features.

Why is the Modbus TCP interface a concern for PAC3200 users?

The Modbus TCP interface communicates without encryption, meaning data including the PIN could be intercepted by a malicious actor. This increases the risk of unauthorized access without needing to brute-force the PIN.

Advisory

Siemens reports critical flaw in SENTRON 7KM PAC3200 power measuring device

published: Oct. 11, 2024

Take action: If you are using SENTRON 7KM PAC3200, make sure it's isolated from the internet and only accessible from trusted networks. Then plan to upgrade or replace it, because it's no longer supported.

Learn More

Siemens has disclosed a critical vulnerability in its SENTRON 7KM PAC3200 power measuring device.

The flaw is tracked as CVE-2024-41798 (CVSS score 9.3) allows an attacker to gain administrator access through brute-forcing a four-digit PIN, making it possible to exploit the device remotely. The SENTRON 7KM PAC3200, which was discontinued in 2019, is protected only by a four-digit PIN that can be brute-forced easily because there are just 10,000 possible combinations. An attacker could systematically try every combination until the correct PIN is found, gaining full administrative access.

This access allows the attacker to change device settings, reset energy counts, or even reset the device entirely.

The Modbus TCP interface used by the PAC3200 is a particular point of vulnerability, as it communicates in cleartext without encryption. This means that a malicious actor who intercepts these communications could potentially sniff out the PIN without having to brute-force it.

Given that the SENTRON 7KM PAC3200 has no planned security patches (as it is an end-of-life product), Siemens advises users to:

Restrict network access to these devices.
Follow industrial security guidelines provided by Siemens to minimize exposure
Consider upgrading to the SENTRON 7KM PAC3220, the successor model, which offers improved security, including protection against brute-force attacks and disabled remote write access.

Users of the affected devices are urged to implement these precautions immediately, as the absence of a patch leaves the devices vulnerable to potential exploitation.

Siemens reports critical flaw in SENTRON 7KM PAC3200 power measuring device

Read More
Mirai Botnet variant exploits TBK DVR Devices flaw
Critical authentication flaw reported in Siemens Industrial Edge …
PTC Warns of Imminent RCE Threat in Windchill …
EFACEC reports critical issues in their BCU 500 …
Nice reports critical flaw in Linear eMerge E3