SSA-620799

Vulnerability from csaf_siemens - Published: 2024-12-10 00:00 - Updated: 2025-06-10 00:00
Summary
SSA-620799: Denial of Service Vulnerability During BLE Pairing in SENTRON Powercenter 1000/1100

Notes

Summary
SENTRON Powercenter devices are not affected by a denial of service vulnerability that can be triggered during BLE (Bluetooth Low Energy) pairing. Note: Unlike stated in the initial version of this security advisory from 2024-12-10, detailed analysis has shown that SENTRON Powercenter devices are not affected by this vulnerability.
General Recommendations
As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity
Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use
The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.
To clipboard 

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited. (TLPv2: TLP:CLEAR)",
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "SENTRON Powercenter devices are \nnot affected by a denial of service vulnerability that can be triggered during BLE (Bluetooth Low Energy) pairing.\nNote: Unlike stated in the initial version of this security advisory from 2024-12-10, detailed analysis has shown that SENTRON Powercenter devices are not affected by this vulnerability.",
        "title": "Summary"
      },
      {
        "category": "general",
        "text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
        "title": "General Recommendations"
      },
      {
        "category": "general",
        "text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "productcert@siemens.com",
      "name": "Siemens ProductCERT",
      "namespace": "https://www.siemens.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "SSA-620799: Denial of Service Vulnerability During BLE Pairing in SENTRON Powercenter 1000/1100 - HTML Version",
        "url": "https://cert-portal.siemens.com/productcert/html/ssa-620799.html"
      },
      {
        "category": "self",
        "summary": "SSA-620799: Denial of Service Vulnerability During BLE Pairing in SENTRON Powercenter 1000/1100 - CSAF Version",
        "url": "https://cert-portal.siemens.com/productcert/csaf/ssa-620799.json"
      }
    ],
    "title": "SSA-620799: Denial of Service Vulnerability During BLE Pairing in SENTRON Powercenter 1000/1100",
    "tracking": {
      "current_release_date": "2025-06-10T00:00:00Z",
      "generator": {
        "engine": {
          "name": "Siemens ProductCERT CSAF Generator",
          "version": "1"
        }
      },
      "id": "SSA-620799",
      "initial_release_date": "2024-12-10T00:00:00Z",
      "revision_history": [
        {
          "date": "2024-12-10T00:00:00Z",
          "legacy_version": "1.0",
          "number": "1",
          "summary": "Publication Date"
        },
        {
          "date": "2025-06-10T00:00:00Z",
          "legacy_version": "1.1",
          "number": "2",
          "summary": "Clarified that SENTRON Powercenter devices are not affected by this vulnerability"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SENTRON Powercenter 1000 (7KN1110-0MC00)",
                  "product_id": "1",
                  "product_identification_helper": {
                    "model_numbers": [
                      "7KN1110-0MC00"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "SENTRON Powercenter 1000 (7KN1110-0MC00)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SENTRON Powercenter 1100 (7KN1111-0MC00)",
                  "product_id": "2",
                  "product_identification_helper": {
                    "model_numbers": [
                      "7KN1111-0MC00"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "SENTRON Powercenter 1100 (7KN1111-0MC00)"
          }
        ],
        "category": "vendor",
        "name": "Siemens"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-6657",
      "cwe": {
        "id": "CWE-821",
        "name": "Incorrect Synchronization"
      },
      "flags": [
        {
          "group_ids": [
            "2",
            "1"
          ],
          "label": "component_not_present"
        }
      ],
      "notes": [
        {
          "category": "summary",
          "text": "A denial of service may be caused to a single peripheral device in a BLE network when multiple central devices continuously connect and disconnect to the peripheral. A hard reset is required to recover the peripheral device.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_not_affected": [
          "1",
          "2"
        ]
      },
      "title": "CVE-2024-6657"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.