SSA-763427

Siemens Security Advisory by Siemens ProductCERT

SSA-763427: Authentication Bypass Vulnerability in SIMATIC CP and TIM Devices

Publication Date:	2015-11-27
Last Update:	2025-07-08
Current Version:	V1.6
CVSS v3.1 Base Score:	9.8
CVSS v4.0 Base Score:	9.3

SUMMARY

SIMATIC CP and TIM devices contain an authentication bypass vulnerability that could allow unauthenticated users to perform administrative operations under certain conditions.

Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens recommends countermeasures for products where fixes are not, or not yet available.

KNOWN AFFECTED PRODUCTS

Un-/Collapse All

Affected Product and Versions	Remediation
SIMATIC CP 342-5 (incl. SIPLUS variants)	Currently no fix is planned
SIMATIC CP 342-5 (6GK7342-5DA03-0XE0) All versions affected by CVE-2015-8214	Currently no fix is planned
SIMATIC CP 342-5 (6GK7342-5DA02-0XE0) All versions affected by CVE-2015-8214	Currently no fix is planned
SIMATIC CP 342-5 FO (6GK7342-5DF00-0XE0) All versions affected by CVE-2015-8214	Currently no fix is planned
SIPLUS NET CP342-5 (6AG1342-5DA03-7XE0) All versions affected by CVE-2015-8214	Currently no fix is planned
SIMATIC CP 343-1 Advanced (incl. SIPLUS variants)	Update to V3.0.44 or later version https://support.industry.siemens.com/cs/ww/en/view/109742236/
SIMATIC CP 343-1 Advanced (6GK7343-1GX31-0XE0) All versions < V3.0.44 affected by CVE-2015-8214	Update to V3.0.44 or later version https://support.industry.siemens.com/cs/ww/en/view/109742236/
SIPLUS NET CP 343-1 Advanced (6AG1343-1GX31-4XE0) All versions < V3.0.44 affected by CVE-2015-8214	Update to V3.0.44 or later version https://support.industry.siemens.com/cs/ww/en/view/109742236/
SIMATIC CP 343-1 Standard/Lean (incl. SIPLUS variants)	Update to V3.1.1 or later version https://support.industry.siemens.com/cs/ww/en/view/109486101/
SIMATIC CP 343-1 (6GK7343-1EX30-0XE0) All versions < V3.1.1 affected by CVE-2015-8214	Update to V3.1.1 or later version https://support.industry.siemens.com/cs/ww/en/view/109486101/
SIMATIC CP 343-1 Lean (6GK7343-1CX10-0XE0) All versions < V3.1.1 affected by CVE-2015-8214	Update to V3.1.1 or later version https://support.industry.siemens.com/cs/ww/en/view/109486101/
SIPLUS NET CP 343-1 (6AG1343-1EX30-7XE0) All versions < V3.1.1 affected by CVE-2015-8214	Update to V3.1.1 or later version https://support.industry.siemens.com/cs/ww/en/view/109486101/
SIPLUS NET CP 343-1 Lean (6AG1343-1CX10-2XE0) All versions < V3.1.1 affected by CVE-2015-8214	Update to V3.1.1 or later version https://support.industry.siemens.com/cs/ww/en/view/109486101/
SIMATIC CP 443-1 Standard/Advanced (incl. SIPLUS variants)	Update to V3.2.9 or later version https://support.industry.siemens.com/cs/ww/en/view/109482246/
SIMATIC CP 443-1 (6GK7443-1EX30-0XE0) All versions < V3.2.9 affected by CVE-2015-8214	Update to V3.2.9 or later version https://support.industry.siemens.com/cs/ww/en/view/109482246/
SIMATIC CP 443-1 (6GK7443-1EX30-0XE1) All versions < V3.2.9 affected by CVE-2015-8214	Update to V3.2.9 or later version https://support.industry.siemens.com/cs/ww/en/view/109482246/
SIMATIC CP 443-1 Advanced (6GK7443-1GX30-0XE0) All versions < V3.2.9 affected by CVE-2015-8214	Update to V3.2.9 or later version https://support.industry.siemens.com/cs/ww/en/view/109482246/
SIPLUS NET CP 443-1 (6AG1443-1EX30-4XE0) All versions < V3.2.9 affected by CVE-2015-8214	Update to V3.2.9 or later version https://support.industry.siemens.com/cs/ww/en/view/109482246/
SIPLUS NET CP 443-1 Advanced (6AG1443-1GX30-4XE0) All versions < V3.2.9 affected by CVE-2015-8214	Update to V3.2.9 or later version https://support.industry.siemens.com/cs/ww/en/view/109482246/
SIMATIC CP 443-5 Basic (6GK7443-5FX02-0XE0) All versions affected by CVE-2015-8214	Currently no fix is planned
SIMATIC CP 443-5 Extended (incl. SIPLUS variants)	Currently no fix is planned
SIMATIC CP 443-5 Extended (6GK7443-5DX05-0XE0) All versions affected by CVE-2015-8214	Currently no fix is planned
SIMATIC CP 443-5 Extended (6GK7443-5DX05-0XE1) All versions affected by CVE-2015-8214	Currently no fix is planned
SIPLUS NET CP 443-5 (6AG1443-5DX05-4XE0) All versions affected by CVE-2015-8214	Currently no fix is planned
TIM 3V-IE / TIM 3V-IE Advanced (incl. SIPLUS NET variants)	Update to V2.6 or later version https://support.industry.siemens.com/cs/ww/en/view/109481769/
SIPLUS NET TIM 3V-IE (6AG1800-3BA00-7AA0) All versions < V2.6 affected by CVE-2015-8214	Update to V2.6 or later version https://support.industry.siemens.com/cs/ww/en/view/109481769/
TIM 3V-IE (6NH7800-3BA00) All versions < V2.6 affected by CVE-2015-8214	Update to V2.6 or later version https://support.industry.siemens.com/cs/ww/en/view/109481769/
TIM 3V-IE Advanced (6NH7800-3CA00) All versions < V2.6 affected by CVE-2015-8214	Update to V2.6 or later version https://support.industry.siemens.com/cs/ww/en/view/109481769/
TIM 3V-IE DNP3 (incl. SIPLUS NET variants)	Update to V3.1 or later version https://support.industry.siemens.com/cs/ww/en/view/109481766/
SIPLUS NET TIM 3V-IE DNP3 (6AG1803-3BA00-7AA0) All versions < V3.1 affected by CVE-2015-8214	Update to V3.1 or later version https://support.industry.siemens.com/cs/ww/en/view/109481766/
TIM 3V-IE DNP3 (6NH7803-3BA00-0AA0) All versions < V3.1 affected by CVE-2015-8214	Update to V3.1 or later version https://support.industry.siemens.com/cs/ww/en/view/109481766/
TIM 4R-IE (incl. SIPLUS NET variants)	Update to V2.6 or later version https://support.industry.siemens.com/cs/ww/en/view/109481769/
SIPLUS NET TIM 4R-IE (6AG1800-4BA00-7AA0) All versions < V2.6 affected by CVE-2015-8214	Update to V2.6 or later version https://support.industry.siemens.com/cs/ww/en/view/109481769/
TIM 4R-IE (6NH7800-4BA00) All versions < V2.6 affected by CVE-2015-8214	Update to V2.6 or later version https://support.industry.siemens.com/cs/ww/en/view/109481769/
TIM 4R-IE DNP3 (incl. SIPLUS NET variants)	Update to V3.1 or later version https://support.industry.siemens.com/cs/ww/en/view/109481765/
SIPLUS NET TIM 4R-IE DNP3 (6AG1803-4BA00-7AA0) All versions < V3.1 affected by CVE-2015-8214	Update to V3.1 or later version https://support.industry.siemens.com/cs/ww/en/view/109481765/
TIM 4R-IE DNP3 (6NH7803-4BA00-0AA0) All versions < V3.1 affected by CVE-2015-8214	Update to V3.1 or later version https://support.industry.siemens.com/cs/ww/en/view/109481765/

WORKAROUNDS AND MITIGATIONS

Please follow the General Security Recommendations.

GENERAL SECURITY RECOMMENDATIONS

As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity

PRODUCT DESCRIPTION

SIMATIC CPs (Communications Processors) are specialized interface modules that enable Siemens PLCs and automation systems to communicate via various industrial networks and protocols, including PROFINET, Industrial Ethernet, and PROFIBUS. These modules handle communication tasks independently from the CPU, ensuring reliable data exchange while reducing the processing load on the main controller.

SIPLUS extreme products are designed for reliable operation under extreme conditions and are based on SIMATIC, LOGO!, SITOP, SINAMICS, SIMOTION, SCALANCE or other devices. SIPLUS devices use the same firmware as the product they are based on.

TIM (Telecontrol Interface Modules) are specialized communication modules designed for remote monitoring and control applications in SIMATIC S7 systems, primarily used for telecontrol protocols like IEC 60870-5-101/104 and DNP3. These modules enable secure long-distance data transmission between control centers and remote stations, making them ideal for applications in utilities, water management, and energy distribution networks.

VULNERABILITY DESCRIPTION

Un-/Collapse All

This chapter describes all vulnerabilities (CVE-IDs) addressed in this security advisory. Wherever applicable, it also documents the product-specific impact of the individual vulnerabilities.

Vulnerability CVE-2015-8214

The implemented access protection level enforcement of the affected communication processors (CP) could possibly allow unauthenticated users to perform administrative operations on the CPs if network access (port 102/TCP) is available and the CPs' configuration was stored on their corresponding CPUs.

CVSS v3.1 Base Score	9.8
CVSS v3.1 Vector	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0 Base Score	9.3
CVSS v4.0 Vector	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CWE	CWE-306: Missing Authentication for Critical Function

Product-Specific Vulnerability Description

For the following products, the impact of the vulnerability is different.

SIMATIC CP 342-5 (6GK7342-5DA02-0XE0):