CVE-2024-41798 (CVSS 9.8): Siemens SENTRON PAC3200 Meters Vulnerable to Easy Attacks, No Patch!

Summary: A critical vulnerability (CVE-2024-41798) in Siemens SENTRON PAC3200 power meters allows attackers to gain administrative access easily, with a CVSS score of 9.8 indicating severe security flaws. The reliance on a weak 4-digit PIN and unencrypted Modbus TCP communication exposes these devices to brute-force attacks and data interception.

Threat Actor: Unknown
Victim: Siemens

Key Points:

  • The CVE-2024-41798 vulnerability allows for easy administrative access to SENTRON PAC3200 meters.
  • The 4-digit PIN protection is inadequate against brute-force attacks and does not secure Modbus TCP communication.
  • Siemens has acknowledged the vulnerability but has no plans for a fix, advising users to treat the PIN as a safeguard against operational errors rather than a security measure.

A newly disclosed vulnerability (CVE-2024-41798) in Siemens SENTRON PAC3200 power meters could allow attackers to gain administrative access with alarming ease. The vulnerability, assigned a CVSS score of 9.8, highlights a critical weakness in the device’s security design.

SENTRON PAC3200 meters, used for precise energy management and data acquisition, rely on a 4-digit PIN to prevent unauthorized administrative access via the Modbus TCP interface. Unfortunately, this level of protection is inadequate, especially against brute-force attacks or attempts to sniff the cleartext Modbus communication. Attackers with access to the Modbus TCP interface can bypass this weak protection, compromising the device’s security and potentially leading to unauthorized access to sensitive energy management data.

The simplicity of the PIN mechanism makes the devices particularly vulnerable to brute-force attacks, where an attacker systematically tries different PIN combinations until gaining access. Moreover, because Modbus communication is not encrypted, attackers can monitor network traffic and intercept the PIN without needing to guess it.

Siemens has acknowledged the vulnerability but, at this point, has stated that no fix is planned for the issue. The company advises that users consider the 4-digit PIN protection only as a safeguard against inadvertent operational errors, not as a security measure against malicious attacks. Siemens has provided more details in their FAQ article on the vulnerability.
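An added example, not from Siemens or the original article: since the PIN is not a security boundary, a passive monitor can parse Modbus TCP request headers from captured traffic and flag clients outside an allowlist or sending bursts of write requests to the meter. The IP addresses, thresholds, sample frames, and the assumption that repeated PIN attempts show up as write-class requests are all constructed for illustration.

```python
import struct
from collections import defaultdict, deque

WRITE_FUNCS = {0x05, 0x06, 0x0F, 0x10}  # standard Modbus write function codes

def parse_request(frame: bytes):
    """Return (unit_id, function_code) from a Modbus TCP request, or None if malformed."""
    if len(frame) < 8:
        return None
    _tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    # Protocol id is 0 for Modbus; the length field counts unit id + PDU bytes.
    if proto != 0 or length != len(frame) - 6:
        return None
    return unit, frame[7]

def detect(events, allowed, window=60.0, max_writes=5):
    """events: time-ordered (timestamp, src_ip, frame). Returns {src_ip: {reasons}}."""
    recent = defaultdict(deque)  # src -> timestamps of write requests inside the window
    alerts = {}
    for ts, src, frame in events:
        parsed = parse_request(frame)
        if parsed is None:
            continue
        if src not in allowed:
            alerts.setdefault(src, set()).add("unlisted-client")
        if parsed[1] in WRITE_FUNCS:
            q = recent[src]
            q.append(ts)
            while ts - q[0] > window:
                q.popleft()
            if len(q) > max_writes:
                alerts.setdefault(src, set()).add("write-burst")
    return alerts

def _frame(tid, func, addr, value, unit=1):
    """Build a constructed request frame (MBAP header + 5-byte PDU) for the sample data."""
    pdu = struct.pack(">BHH", func, addr, value)
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu

def sample_events():
    """Constructed capture: one known poller, one unknown host sending rapid writes."""
    ev = [(i * 10.0, "10.0.0.5", _frame(i, 0x03, 0, 2)) for i in range(6)]
    ev += [(100.0 + i * 0.5, "192.0.2.50", _frame(i, 0x06, 0, 0)) for i in range(20)]
    ev.append((200.0, "10.0.0.5", _frame(99, 0x06, 0, 0)))
    return ev

if __name__ == "__main__":
    for src, reasons in detect(sample_events(), allowed={"10.0.0.5"}).items():
        print(src, sorted(reasons))
```

The register address `0` and written value `0` in the sample frames are placeholders; the detector keys only on the function code and source, not on the meter's register map.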

Source: https://securityonline.info/cve-2024-41798-cvss-9-8-siemens-sentron-pac3200-meters-vulnerable-to-easy-attacks-no-patch