Critical vulnerabilities in Siemens Nucleus RTOS

Security researchers from Forescout have discovered 13 critical vulnerabilities in Nucleus RTOS, a real-time operating system that Siemens uses in industrial control systems and in medical devices. Some of the vulnerabilities have a CVSS score of 9.8, and US CISA is warning about them. However, security updates to close these vulnerabilities are already available.


I first became aware of the issue yesterday on Twitter from Catalin Cimpanu via the following tweets:

(Image: Siemens Nucleus RTOS vulnerabilities)

Affected versions according to CISA:

  • Nucleus NET: All versions prior to v5.2
  • Nucleus RTOS: Versions with affected DNS modules
  • Nucleus source code: Versions including affected DNS modules
  • VSTAR: Versions including affected DNS modules

Forescout published the details in a blog post, "New Critical Vulnerabilities Found on Nucleus TCP/IP Stack", on November 9, 2021. One vulnerability likely affects the operating system's FTP function. The following figure summarizes the CVEs from the Forescout blog post.


(Figure: Siemens Nucleus RTOS vulnerabilities)

The following video from Forescout discusses the dissection of the Nucleus TCP/IP stack:

(Source: YouTube)

Siemens has published security advisory SSA-185699 (PDF) where they provide remediation for the following products:

  • Nucleus NET: Follow the general security measures or upgrade to the latest versions of Nucleus ReadyStart or Nucleus 4. Note that the latest version of Nucleus NET (v5.2) is not affected by the vulnerabilities, but has already reached the end of software support.
  • Nucleus RTOS: Contact customer support for information on patches and updates.
  • Nucleus Source Code: Contact customer support for information on patches and updates.
  • VSTAR: Contact customer support for information on patches and updates.

Siemens has identified the following specific workarounds and remedies that users can apply to reduce the risk:

  • Avoid using DNS clients of the affected versions.
  • Contact Siemens Customer Support or a Nucleus sales team for additional mitigation tips.

As a general security measure, Siemens strongly recommends protecting network access to the devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to the Siemens Operational Guidelines for Industrial Security and following the recommendations in the product manuals.
