New Firmware for Siemens Reyrolle

Friday, July 7, 2017 @ 03:07 PM gHale


Siemens released new firmware to mitigate multiple vulnerabilities in its Reyrolle integration, control measurement and automation products, according to a report with ICS-CERT.

The remotely exploitable vulnerabilities, which Siemens self-reported, are missing authorization, improper input validation, and improper authentication issues.


EN100 Ethernet modules, offered as an option for Reyrolle devices: all versions prior to V4.29.01 are affected by the vulnerabilities.

Successful exploitation of these vulnerabilities could allow an attacker to access sensitive device information, circumvent authentication, and perform administrative actions.

No known public exploits specifically target these vulnerabilities. However, an attacker with low skill level could leverage the vulnerabilities.

In one of the vulnerabilities, the integrated web server (Port 80/TCP) of the affected devices could allow remote attackers to obtain sensitive device information if network access was obtained.

CVE-2016-4784 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 5.3.

Also, the integrated web server (Port 80/TCP) of the affected devices could allow remote attackers to obtain a limited amount of device memory content if network access was obtained.

CVE-2016-4785 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 5.3.

In addition, attackers with network access to the device’s web interface (Port 80/TCP) could possibly circumvent authentication and perform certain administrative operations.

CVE-2016-7112 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 5.3.

In another issue, specially crafted packets sent to Port 80/TCP could cause the affected device to go into defect mode.

CVE-2016-7113 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.5.

In addition, attackers with network access to the device’s web interface (Port 80/TCP) could possibly circumvent authentication and perform certain administrative operations. A legitimate user must be logged into the web interface for the attack to be successful.

CVE-2016-7114 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 4.3.

The product is used mainly in the energy sector worldwide.

Siemens released a new firmware version (V4.29.01) to address these vulnerabilities. It can be found at the SIPROTEC 4 downloads area.

Siemens recommends users protect network access with appropriate mechanisms such as firewalls, segmentation, and VPN. Siemens also advises users to configure the operational environment according to Siemens’ Operational Guidelines for Industrial Security. Please see the specific product manual for more information. Manuals can be obtained from the downloads menu on the Siemens web site.
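The segmentation advice above is the kind of control a defender can also verify from the network side. The script below is an added example written for this page (it is not code from Siemens, ICS-CERT, or the advisory): it scans flow records and flags any TCP/80 connection to the relay subnet that does not come from the engineering network, which is exactly the exposure the web-server vulnerabilities depend on. The subnets, the key=value record format and the sample lines are all constructed for the example.

```python
"""Flag web-interface (TCP/80) access to protection relays from outside the engineering subnet.

Added example, not from the Siemens advisory or the ICS-CERT report. Assumptions
(all constructed for this example):
- relays with EN100 modules sit in 10.20.30.0/24
- only the engineering workstation subnet 10.20.10.0/24 may reach their web server
- flow records are 'key=value' lines in the constructed format shown in SAMPLE_FLOWS
"""
import ipaddress
import re
from collections import defaultdict

RELAY_SUBNET = ipaddress.ip_network("10.20.30.0/24")          # constructed
ALLOWED_SOURCES = [ipaddress.ip_network("10.20.10.0/24")]      # constructed
WEB_PORT = 80                                                  # port named in the advisory

# Constructed sample flow records (not a real product's export format).
SAMPLE_FLOWS = """\
2017-07-07T14:01:02Z src=10.20.10.15 dst=10.20.30.7 proto=tcp dport=80 bytes=1422
2017-07-07T14:01:09Z src=10.20.10.15 dst=10.20.30.7 proto=tcp dport=102 bytes=880
2017-07-07T14:02:41Z src=10.99.5.23 dst=10.20.30.7 proto=tcp dport=80 bytes=310
2017-07-07T14:02:44Z src=10.99.5.23 dst=10.20.30.8 proto=tcp dport=80 bytes=305
2017-07-07T14:03:10Z src=192.0.2.44 dst=10.20.30.9 proto=udp dport=80 bytes=64
this line is malformed and must be skipped
"""

FLOW_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) proto=(?P<proto>\w+) dport=(?P<dport>\d+)"
)


def parse_flow(line):
    """Parse one record; return a dict or None for lines that do not match."""
    m = FLOW_RE.match(line.strip())
    if not m:
        return None
    try:
        return {
            "ts": m.group("ts"),
            "src": ipaddress.ip_address(m.group("src")),
            "dst": ipaddress.ip_address(m.group("dst")),
            "proto": m.group("proto").lower(),
            "dport": int(m.group("dport")),
        }
    except ValueError:  # unparsable address
        return None


def is_unauthorized_web_access(flow):
    """True if the flow is TCP/80 to a relay from a source outside the allowed subnets."""
    if flow["proto"] != "tcp" or flow["dport"] != WEB_PORT:
        return False
    if flow["dst"] not in RELAY_SUBNET:
        return False
    return not any(flow["src"] in net for net in ALLOWED_SOURCES)


def find_unauthorized_web_access(text):
    """Return (timestamp, src, dst) for every flagged record in the given flow text."""
    hits = []
    for line in text.splitlines():
        flow = parse_flow(line)
        if flow is not None and is_unauthorized_web_access(flow):
            hits.append((flow["ts"], str(flow["src"]), str(flow["dst"])))
    return hits


def summarize_by_source(hits):
    """Group flagged flows by source so one scanning host shows up once with its targets."""
    by_src = defaultdict(set)
    for _ts, src, dst in hits:
        by_src[src].add(dst)
    return {src: sorted(dsts) for src, dsts in by_src.items()}


if __name__ == "__main__":
    hits = find_unauthorized_web_access(SAMPLE_FLOWS)
    for src, dsts in summarize_by_source(hits).items():
        print(f"ALERT: {src} reached relay web interface on {', '.join(dsts)}")
```

Running it against the constructed records raises one alert for 10.99.5.23 (two relays reached), while the engineering workstation's traffic and the UDP packet to port 80 are ignored. Pointing the same logic at real firewall or flow exports only requires replacing the regular expression and the two subnet constants.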

For more information on these vulnerabilities and more detailed mitigation instructions, please see Siemens Security Advisory SSA-452237.
