Full Report
SIMATIC CP 1543-1 devices contain an Incorrect Authorization vulnerability that could allow an unauthenticated attacker to gain access to the filesystem. Siemens has released a new version for SIMATIC CP 1543-1 V4.0 and recommends updating to the latest version.
Analysis Summary
# Vulnerability: Incorrect Authorization in SIMATIC CP 1543-1
## CVE Details
- **CVE ID:** CVE-2024-50310
- **CVSS Score:**
  - CVSS v4.0: **8.7 (High)**
  - CVSS v3.1: **7.5 (High)**
- **CWE:** CWE-863: Incorrect Authorization
## Affected Systems
- **Products:** SIMATIC CP 1543-1 V4.0 (6GK7543-1AX10-0XE0)
- **Versions:** All versions >= V4.0.44 and < V4.0.50
- **Configurations:** Devices acting as communications processors for SIMATIC S7-1500 controllers.
## Vulnerability Description
The affected devices fail to properly enforce authorization checks. This flaw allows an unauthenticated remote attacker to bypass intended access restrictions and gain unauthorized access to the device's internal filesystem.
## Exploitation
- **Status:** Proof of Concept (PoC) available (based on CVSS Exploit Code Maturity "P"). No reports of active exploitation in the wild are currently cited.
- **Complexity:** Low
- **Attack Vector:** Network
## Impact
- **Confidentiality:** High (Attacker can access filesystem data)
- **Integrity:** None (Based on CVSS score)
- **Availability:** None (Based on CVSS score)
## Remediation
### Patches
- **Update to V4.0.50 or later:** Siemens has released a firmware update to address this vulnerability. The update can be found at: hXXps://support[.]industry[.]siemens[.]com/cs/ww/en/view/109976120/
### Workarounds
- **Port Restriction:** Restrict network access to port **8448/tcp** to trusted systems only.
- **General Security:** Follow Siemens' operational guidelines for Industrial Security to operate the devices in a protected IT environment.
## Detection
- **Indicators of Compromise:** Monitor for unusual or unauthorized traffic targeting port 8448/tcp, particularly from external or untrusted IP addresses.
- **Detection methods and tools:** Network intrusion detection systems (NIDS) can be configured to alert on unauthorized connection attempts to the proprietary filesystem access ports.
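
The monitoring described above can be prototyped offline before it is turned into a NIDS rule. The following is an added example, not code from Siemens or the advisory: it flags 8448/tcp connections from sources outside a trusted range and raises the severity when the destination runs a firmware version in the affected range. The trusted network, the inventory, the CSV flow format and all addresses are constructed assumptions.

```python
import csv
import io
import ipaddress

VULN_PORT = 8448                     # 8448/tcp, from the Workarounds section
AFFECTED_MIN = (4, 0, 44)            # affected: >= V4.0.44
FIXED = (4, 0, 50)                   # fixed in V4.0.50
# Assumption: engineering stations allowed to reach the CPs on 8448/tcp.
TRUSTED_NETS = [ipaddress.ip_network("10.20.30.0/28")]
# Constructed inventory: CP address -> firmware version string.
INVENTORY = {"10.20.40.11": "V4.0.44", "10.20.40.12": "V4.0.50", "10.20.40.13": "V4.0.47"}

# Constructed flow records (timestamp, source, destination, protocol, port).
SAMPLE_FLOWS = """\
ts,src,dst,proto,dport
2024-11-12T08:00:01Z,10.20.30.5,10.20.40.11,tcp,8448
2024-11-12T08:03:17Z,192.0.2.77,10.20.40.11,tcp,8448
2024-11-12T08:04:02Z,10.20.50.9,10.20.40.12,tcp,8448
2024-11-12T08:05:40Z,10.20.50.9,10.20.40.13,tcp,102
2024-11-12T08:06:55Z,10.20.50.9,10.20.40.13,udp,8448
2024-11-12T08:07:30Z,198.51.100.4,10.20.40.13,tcp,8448
"""

def parse_version(text):
    """'V4.0.44' -> (4, 0, 44), so versions compare numerically."""
    return tuple(int(part) for part in text.lstrip("Vv").split("."))

def is_affected(version_text):
    return AFFECTED_MIN <= parse_version(version_text) < FIXED

def is_trusted(src):
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in TRUSTED_NETS)

def find_alerts(flow_csv, inventory=INVENTORY):
    """Return alerts for untrusted sources reaching 8448/tcp on known CPs."""
    alerts = []
    for row in csv.DictReader(io.StringIO(flow_csv)):
        if row["proto"].lower() != "tcp" or int(row["dport"]) != VULN_PORT:
            continue
        if row["dst"] not in inventory or is_trusted(row["src"]):
            continue
        # Patched devices still get an alert: the port restriction was bypassed.
        severity = "high" if is_affected(inventory[row["dst"]]) else "info"
        alerts.append((row["ts"], row["src"], row["dst"], severity))
    return alerts

if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_FLOWS):
        print(*alert)
```

Comparing versions as integer tuples avoids the string-comparison mistake where a later patch level with more digits sorts before an earlier one.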
## References
- **Siemens Security Advisory SSA-654798:** hXXps://cert-portal[.]siemens[.]com/productcert/pdf/ssa-654798[.]pdf
- **Siemens Industrial Security Home:** hXXps://www[.]siemens[.]com/industrialsecurity