Full Report
The read-out protection of the internal flash of affected devices was not properly set at the end of the manufacturing process. An attacker with physical access to the device could read out the data. Siemens has released new versions for the affected products and recommends updating to the latest versions.
Analysis Summary
# Vulnerability: Missing Read Out Protection in SENTRON 7KM PAC3x20 Devices
## CVE Details
- CVE ID: CVE-2024-21483
- CVSS Score: 4.6 (Low) [CVSS v3.1] / 5.1 (Medium) [CVSS v4.0]
- CWE: CWE-284: Improper Access Control
## Affected Systems
- Products: SENTRON 7KM PAC3120 AC/DC (7KM3120-0BA01-1DA0)
- Versions: All versions ≥ V3.2.3 but < V3.2.4, *only* if manufactured between LQN231003... and LQN231215... (based on LQNYYMMDD format).
- Configurations: A device is affected only if it was manufactured within the specified date range and is running a vulnerable firmware version.
## Vulnerability Description
The read out protection mechanism for the internal flash memory of the affected devices was not correctly configured during the manufacturing process. This flaw allows an attacker who has physical access to the device to bypass security controls and read the data stored in the internal flash.
## Exploitation
- Status: Exploitation in the wild is not explicitly stated; the details point to a physical compromise vector.
- Complexity: Low; exploitation requires physical access (CVSS AV:P - Physical Attack Vector)
- Attack Vector: Physical
## Impact
- Confidentiality: High (C:H) - Data stored in the internal flash is readable.
- Integrity: No Impact (I:N)
- Availability: No Impact (A:N)
## Remediation
### Patches
- Update to **V3.2.4 or later version** for affected SENTRON 7KM PAC3120 devices.
- Vendor Link for update: hXXps://support.industry.siemens.com/cs/ww/en/view/109780938/
### Workarounds
- Restrict physical access to the device to trusted personnel only.
## Detection
- Detection methods are not explicitly detailed, but forensic analysis of the device hardware by a professional could potentially reveal an attempt to interface directly with the flash memory chips.
- The primary detection mechanism is identifying the affected product, version, and manufacturing lot codes.
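The product, version and lot-code check described above can be run over an asset inventory. The following is an added example, not code from Siemens or from the advisory. It assumes inventory records with hypothetical `order_no`, `serial` and `firmware` fields, that the serial begins with the LQNYYMMDD code, and that the date bounds are inclusive.

```python
import re
from datetime import date

# Values taken from the advisory summary above.
AFFECTED_ORDER_NO = "7KM3120-0BA01-1DA0"
FIRST_BAD_FW, FIXED_FW = (3, 2, 3), (3, 2, 4)
# LQN231003 .. LQN231215; treating both bounds as inclusive is an assumption.
LOT_START, LOT_END = date(2023, 10, 3), date(2023, 12, 15)

SERIAL_RE = re.compile(r"^LQN(\d{2})(\d{2})(\d{2})")
FW_RE = re.compile(r"^V?(\d+)\.(\d+)\.(\d+)$")

def lot_date(serial):
    """Return the date encoded as LQNYYMMDD, or None if it cannot be parsed."""
    m = SERIAL_RE.match(serial.strip().upper())
    if not m:
        return None
    yy, mm, dd = map(int, m.groups())
    try:
        return date(2000 + yy, mm, dd)  # two-digit year read as 20YY (assumption)
    except ValueError:
        return None

def fw_tuple(firmware):
    """Parse 'V3.2.3' into (3, 2, 3), or None if the string is malformed."""
    m = FW_RE.match(firmware.strip().upper())
    return tuple(map(int, m.groups())) if m else None

def triage(record):
    """Classify a record as 'affected', 'not_affected' or 'review'."""
    if record.get("order_no", "").strip().upper() != AFFECTED_ORDER_NO:
        return "not_affected"
    made = lot_date(record.get("serial", ""))
    fw = fw_tuple(record.get("firmware", ""))
    if made is None or fw is None:
        return "review"  # unreadable data: check the nameplate, do not assume safe
    if LOT_START <= made <= LOT_END and FIRST_BAD_FW <= fw < FIXED_FW:
        return "affected"
    return "not_affected"

# Constructed sample inventory; serial suffixes and asset names are made up.
INVENTORY = [
    {"asset": "PAC-01", "order_no": AFFECTED_ORDER_NO, "serial": "LQN231101A0001", "firmware": "V3.2.3"},
    {"asset": "PAC-02", "order_no": AFFECTED_ORDER_NO, "serial": "LQN231101A0002", "firmware": "V3.2.4"},
    {"asset": "PAC-03", "order_no": AFFECTED_ORDER_NO, "serial": "LQN230915A0003", "firmware": "V3.2.3"},
    {"asset": "PAC-04", "order_no": AFFECTED_ORDER_NO, "serial": "unknown", "firmware": "V3.2.3"},
]

if __name__ == "__main__":
    for rec in INVENTORY:
        print(rec["asset"], triage(rec))
```

Records that come back as `review` have a serial or firmware string the script could not parse and need a manual nameplate check.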
## References
- Vendor Advisory (SSA-792319): hXXps://cert-portal.siemens.com/productcert/html/ssa-792319.html
- Siemens Industrial Security General Guidelines: hXXps://www.siemens.com/cert/operational-guidelines-industrial-security
- Siemens Industrial Security Portal: hXXps://www.siemens.com/industrialsecurity