Siemens Clears Hole in Industrial Products

Tuesday, January 23, 2018 @ 03:01 PM gHale

Siemens has a mitigation plan in place to eliminate an improper input validation vulnerability in its industrial products, according to a report with ICS-CERT.

Successful exploitation of this remotely exploitable vulnerability, which Siemens self-reported, could cause the targeted device to enter a denial-of-service condition, which may require human interaction to recover the system.


This vulnerability affects the following products using PROFINET DCP:
• SIMATIC CP 1242-7 GPRS V2: All versions prior to V2.1.82
• SIMATIC CP 1243-7 LTE EU/US: All versions prior to V2.1.82
• SIMATIC CP 1243-8: All versions prior to V2.1.82
• SIMATIC CP 1626: All versions
• Extension Unit 12” PROFINET: All versions prior to V01.01.01
• Extension Unit 15” PROFINET: All versions prior to V01.01.01
• Extension Unit 19” PROFINET: All versions prior to V01.01.01
• Extension Unit 22” PROFINET: All versions prior to V01.01.01

No known public exploits specifically target this vulnerability. However, an attacker with low skill level could leverage the vulnerability.

Specially crafted PROFINET DCP broadcast packets could cause a denial-of-service condition of affected products on a local Ethernet segment (Layer 2). Human interaction is required to recover the systems. PROFIBUS interfaces are not affected.
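The advisory limits the exposure to the local Layer 2 segment and to PROFINET DCP broadcast traffic, which gives a defender a narrow thing to watch for. The following Python is an added example, not code from the advisory, ICS-CERT or Siemens: it parses Ethernet frames (with an optional 802.1Q tag), picks out PROFINET DCP Identify requests sent to the DCP multicast address, and flags any source MAC that sends far more of them in a short window than an engineering station doing a normal device discovery would. The frame-format facts used (EtherType 0x8892, FrameID 0xFEFE, multicast 01:0e:cf:00:00:00) are standard PROFINET; the window, threshold, MAC addresses, timestamps and all sample frames are constructed assumptions.

```python
"""Added defensive example: per-source rate monitor for PROFINET DCP Identify
broadcasts on a captured Layer-2 segment.  Not from the advisory or from Siemens.
Frame-format facts: EtherType 0x8892 (PROFINET), optional 802.1Q tag (0x8100),
PROFINET FrameID 0xFEFE (DCP Identify request), DCP multicast 01:0e:cf:00:00:00.
Window/threshold values and every sample frame below are constructed."""
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Deque, Dict, List, Optional, Tuple
import struct

ETHERTYPE_VLAN = 0x8100
ETHERTYPE_PROFINET = 0x8892
FRAMEID_DCP_IDENTIFY_REQ = 0xFEFE
DCP_MULTICAST = "01:0e:cf:00:00:00"


@dataclass
class Frame:
    ts: float                 # capture timestamp, seconds
    dst: str                  # destination MAC, lower-case colon form
    src: str                  # source MAC
    frame_id: Optional[int]   # PROFINET FrameID, None for non-PROFINET frames


def _mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def parse_frame(ts: float, raw: bytes) -> Frame:
    """Parse the Ethernet header (plus optional VLAN tag) and the PROFINET FrameID."""
    if len(raw) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src = _mac_str(raw[0:6]), _mac_str(raw[6:12])
    (etype,) = struct.unpack("!H", raw[12:14])
    offset = 14
    if etype == ETHERTYPE_VLAN:           # skip the 4-byte 802.1Q tag
        if len(raw) < 18:
            raise ValueError("truncated VLAN tag")
        (etype,) = struct.unpack("!H", raw[16:18])
        offset = 18
    frame_id = None
    if etype == ETHERTYPE_PROFINET and len(raw) >= offset + 2:
        (frame_id,) = struct.unpack("!H", raw[offset:offset + 2])
    return Frame(ts, dst, src, frame_id)


def find_dcp_identify_floods(frames: List[Frame], window_s: float = 10.0,
                             threshold: int = 20) -> List[Tuple[str, int]]:
    """Return (source MAC, peak count) for each source that sent at least
    `threshold` DCP Identify requests within any `window_s` seconds."""
    recent: Dict[str, Deque[float]] = defaultdict(deque)  # sliding window per source
    flagged: Dict[str, int] = {}
    for f in sorted(frames, key=lambda fr: fr.ts):
        if f.frame_id != FRAMEID_DCP_IDENTIFY_REQ or f.dst != DCP_MULTICAST:
            continue
        q = recent[f.src]
        q.append(f.ts)
        while q and f.ts - q[0] > window_s:
            q.popleft()
        if len(q) >= threshold:
            flagged[f.src] = max(flagged.get(f.src, 0), len(q))
    return sorted(flagged.items())


def _build_frame(dst: str, src: str, frame_id: int,
                 vlan_id: Optional[int] = None) -> bytes:
    """Constructed minimal test frame: Ethernet header, optional VLAN tag, FrameID."""
    hdr = bytes.fromhex(dst.replace(":", "")) + bytes.fromhex(src.replace(":", ""))
    if vlan_id is not None:
        hdr += struct.pack("!HH", ETHERTYPE_VLAN, vlan_id & 0x0FFF)
    return hdr + struct.pack("!HH", ETHERTYPE_PROFINET, frame_id)


def demo() -> List[Tuple[str, int]]:
    """Constructed capture: one station doing a normal discovery (3 Identify
    requests in 10 s) and a second host sending 60 of them in 3 s."""
    eng, noisy = "00:1b:1b:aa:bb:01", "00:1b:1b:aa:bb:02"   # assumed MACs
    frames: List[Frame] = []
    for i in range(3):
        frames.append(parse_frame(float(i * 4),
                                  _build_frame(DCP_MULTICAST, eng, FRAMEID_DCP_IDENTIFY_REQ)))
    for i in range(60):
        frames.append(parse_frame(20.0 + i * 0.05,
                                  _build_frame(DCP_MULTICAST, noisy, FRAMEID_DCP_IDENTIFY_REQ, vlan_id=100)))
    # A unicast DCP Identify response and an ARP frame: both must be ignored.
    frames.append(parse_frame(21.0, _build_frame(eng, noisy, 0xFEFF)))
    frames.append(parse_frame(22.0, bytes.fromhex("ffffffffffff001b1baabb03")
                              + struct.pack("!H", 0x0806) + b"\x00" * 28))
    return find_dcp_identify_floods(frames)


if __name__ == "__main__":
    for src, count in demo():
        print(f"DCP Identify flood from {src}: {count} requests in window")
```

Feed it frames decoded from a capture taken on a mirror port of the PROFINET segment. A rate heuristic catches floods, not the single malformed packet an input-validation flaw may need, so it is a detection aid alongside the firmware updates and segmentation the advisory calls for, not a substitute for them.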

CVE-2017-2680 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 6.5.

The products are used mainly in the chemical, critical manufacturing, energy, food and agriculture, and water and wastewater systems sectors, and are deployed worldwide.

The attacker must have network access to the local Ethernet segment (Layer 2).

As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. In order to run the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens’ Operational Guidelines for Industrial Security and following the recommendations in the product manuals. Click here for the Operational Guidelines for Industrial Security.

Click here for additional information on industrial security by Siemens.

Siemens provides firmware updates to address the vulnerability for the following affected products:
• Extension Unit 12” PROFINET: Update to V01.01.01
• Extension Unit 15” PROFINET: Update to V01.01.01
• Extension Unit 19” PROFINET: Update to V01.01.01
• Extension Unit 22” PROFINET: Update to V01.01.01
• SIMATIC CP 1242-7 GPRS V2: Update to V2.1.82
• SIMATIC CP 1243-7 LTE EU/US: Update to V2.1.82
• SIMATIC CP 1243-8 IRC: Update to V2.1.82
• SIMATIC CP 1626: All versions

Siemens released updates for several affected products, is working on updates for the remaining affected products, and recommends specific countermeasures until fixes are available.
1. Apply cell protection concept
2. Use VPN for protecting network communication between cells
3. Apply Defense-in-Depth

For more information on this vulnerability and more detailed mitigation instructions, see Siemens Security Advisory SSA-284673.
