Full Report
A vulnerability in SIRIUS 3RV2921-5M could allow an attacker to cause a denial of service condition. Siemens has released a new version for SIRIUS 3RV2921-5M and recommends updating to the latest version.
Analysis Summary
# Vulnerability: Denial of Service in SIRIUS 3RV2921-5M
## CVE Details
- CVE ID: CVE-2023-6874
- CVSS Score: 7.5 (High)
- CWE: CWE-754: Improper Check for Unusual or Exceptional Conditions
## Affected Systems
- Products: SIRIUS 3RV2921-5M
- Versions: All versions prior to V5.1
- Configurations: Not specifically detailed, but the vulnerability relates to handling network sequences.
## Vulnerability Description
The vulnerability stems from an issue in Ember ZNet (per the vulnerability description referenced in the advisory) and allows an attacker to manipulate the Network Key (NWK) sequence number. Successful exploitation can cause a denial of service (DoS) condition on the affected Siemens product.
## Exploitation
- Status: Not exploited in the wild (based on advisory context).
- Complexity: Low (AC:L in the vector AV:N/AC:L/PR:N/UI:N, which also indicates no privileges and no user interaction are required)
- Attack Vector: Network (AV:N)
## Impact
- Confidentiality: No Impact (C:N)
- Integrity: No Impact (I:N)
- Availability: High Impact (A:H - Denial of Service)
## Remediation
### Patches
- Update affected SIRIUS 3RV2921-5M devices to **Version V5.1 or later**.
- Patch source: [https://support.industry.siemens.com/cs/ww/en/view/109797242/](https://support.industry.siemens.com/cs/ww/en/view/109797242/)
### Workarounds
1. **Physical Isolation:** Mitigate through physical isolation of the device.
2. Further recommendations should be sought in the "Workarounds and Mitigations" section of the official Siemens advisory.
## Detection
- **Indicators of Compromise:** Not explicitly listed, but monitoring for malformed or unusual NWK sequence number traffic aimed at the device may serve as an indicator.
- **Detection Methods and Tools:** No specific detection tools mentioned; reliance on network monitoring for anomalous traffic patterns is implied.
## References
- Vendor Advisory: SSA-340240
- Siemens Industrial Security Guidelines: [https://www.siemens.com/cert/operational-guidelines-industrial-security](https://www.siemens.com/cert/operational-guidelines-industrial-security)
- Siemens Security Advisories Portal: [https://www.siemens.com/cert/advisories](https://www.siemens.com/cert/advisories)