Advisory

Siemens reports critical flaw in Sentron Powercenter 1000

Take action: You know the drill - make sure your SENTRON Powercenter 1000 is isolated from the internet and only accessible from trusted networks. Patches are not mentioned, so you may want to talk directly to your Siemens representative.



Siemens has identified a critical vulnerability in its Sentron Powercenter 1000 product, caused by improper checks for unusual or exceptional conditions. If successfully exploited, the vulnerability could allow an attacker to disrupt the operation of the affected devices by creating a denial-of-service condition.

Vulnerability Details:

  • The flaw is tracked as CVE-2023-6874 (CVSS score 9.2). It allows remote exploitation with low attack complexity and is specific to the manipulation of a component sequence number: an attacker who manipulates the NWK sequence number can put affected devices into a denial-of-service (DoS) state.

This flaw impacts all versions of SENTRON Powercenter 1000 (7KN1110-0MC00).

Siemens recommends users apply the following workarounds and protective measures:

  • Physical isolation of vulnerable devices to limit exposure.
  • Protect network access with appropriate security measures, ensuring operation in a secure IT environment according to Siemens' operational guidelines.
  • Follow best practices outlined in product manuals and Siemens' industrial security guidelines.

At this time, there are no reports of public exploitation specifically targeting this vulnerability.
