Telnet service left enabled and without a password on SIMATIC HMI Comfort Panels
Catalin Cimpanu July 2, 2021

Siemens SIMATIC HMI Comfort Panels, devices meant to provide visualization of data received from industrial equipment, are exposing their Telnet service without any form of authentication, security researchers have discovered.

The bug has industrial security experts worried: they fear the misconfiguration could let threat actors remotely access the SIMATIC panels and tamper with the data they display.

  • Tracked as CVE-2021-31337, the vulnerability was revealed earlier this week.
  • All SIMATIC HMI Comfort Panels models are believed to be impacted, except panels for SINAMICS Medium Voltage Products (SL150, SM150, and SM150i), where the Telnet service is disabled by default.
  • SIMATIC HMI Comfort Panels work by taking data from industrial equipment and displaying it on a tablet, while giving a human operator an easy way to control the device. They can interact with a wide spectrum of industrial equipment, from industrial robots to electrical equipment.
  • The panels can’t be connected online, per their brochure, but devices installed inside local networks could be exploited if an attacker has managed to obtain a foothold inside internal networks via other means.
  • Siemens has published firmware updates for affected models, per MITRE and CISA.

Catalin Cimpanu is a cybersecurity reporter for The Record. He previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.