CVE-2024-41798 (CVSS 9.8): Siemens SENTRON PAC3200 Meters Vulnerable to Easy Attacks, No Patch!
A newly disclosed vulnerability (CVE-2024-41798) in Siemens SENTRON PAC3200 power meters could allow attackers to gain administrative access with alarming ease. The vulnerability, assigned a CVSS score of 9.8, highlights a critical weakness in the device’s security design.
SENTRON PAC3200 meters, used for precise energy management and data acquisition, rely on a 4-digit PIN to prevent unauthorized administrative access via the Modbus TCP interface. This level of protection is inadequate, especially against brute-force attacks or attempts to sniff the cleartext Modbus communication. Attackers with access to the Modbus TCP interface can bypass this weak protection, compromising the device’s security and potentially gaining unauthorized access to sensitive energy management data.
The simplicity of the PIN mechanism makes the devices particularly vulnerable to brute-force attacks, where an attacker systematically tries different PIN combinations until gaining access. Moreover, because Modbus communication is not encrypted, attackers can monitor network traffic and intercept the PIN without needing to guess it.
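As an added example that is not part of the advisory or of Siemens' material: a defender-side detector that flags any host issuing a burst of Modbus TCP write requests to the meter, which is the traffic shape a PIN brute force over that interface would produce, and any host not on an allowlist of expected pollers. The meter address, the log format, the threshold and the assumption that PIN entry travels in write requests are constructed; the page does not state which registers carry the PIN.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

METER_IP = "10.0.5.100"        # constructed address of the PAC3200
ALLOWLIST = {"10.0.5.20"}      # constructed: the only host expected to poll it
WRITE_FCS = {5, 6, 15, 16}     # standard Modbus write function codes
WINDOW = timedelta(seconds=60)
THRESHOLD = 10                 # writes per window per source (assumption)

def make_sample_log():
    """Constructed sample: a legitimate poller reading (fc=3) every 5 s, plus an
    unknown host issuing 25 writes (fc=16) in under 10 s, the shape PIN guessing
    would take. Format: '<ISO ts> <src> -> <dst>:<port> fc=<code>'."""
    base = datetime(2024, 8, 1, 10, 0, 0)
    lines = [f"{(base + timedelta(seconds=5 * i)).isoformat()} 10.0.5.20 -> {METER_IP}:502 fc=3"
             for i in range(12)]
    lines += [f"{(base + timedelta(seconds=20, milliseconds=400 * i)).isoformat()} "
              f"10.0.5.77 -> {METER_IP}:502 fc=16" for i in range(25)]
    return lines

def parse_line(line):
    ts, src, _, dst, fc = line.split()
    dst_ip, port = dst.split(":")
    return datetime.fromisoformat(ts), src, dst_ip, int(port), int(fc.split("=")[1])

def detect(lines, allowlist=ALLOWLIST, window=WINDOW, threshold=THRESHOLD):
    """Return {src_ip: set(alert_names)} for Modbus TCP traffic to the meter."""
    alerts = defaultdict(set)
    recent = defaultdict(deque)        # src -> timestamps of recent write requests
    for ts, src, dst_ip, port, fc in sorted(parse_line(l) for l in lines):
        if dst_ip != METER_IP or port != 502:
            continue
        if src not in allowlist:
            alerts[src].add("unexpected_modbus_source")
        if fc in WRITE_FCS:
            q = recent[src]
            q.append(ts)
            while q and ts - q[0] > window:   # slide the window forward
                q.popleft()
            if len(q) >= threshold:
                alerts[src].add("write_burst_possible_pin_guessing")
    return dict(alerts)

if __name__ == "__main__":
    for src, names in detect(make_sample_log()).items():
        print(src, sorted(names))
```

A PIN recovered by sniffing the cleartext channel produces no burst, so the allowlist check (and the network segmentation it stands in for) is the control that matters for that path.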
Siemens has acknowledged the vulnerability but, at this point, has stated that no fix is planned for the issue. The company advises that users consider the 4-digit PIN protection only as a safeguard against inadvertent operational errors, not as a security measure against malicious attacks. Siemens has provided more details in their FAQ article on the vulnerability.