Siemens Clears Improper Validation Issue

Tuesday, March 20, 2018 @ 04:03 PM gHale

Siemens has updated software to mitigate an improper input validation vulnerability in its SIMATIC, SINUMERIK, and PROFINET IO products, according to a report with ICS-CERT.

Successful exploitation of this vulnerability, which is exploitable from an adjacent network, could result in a denial-of-service condition requiring a manual restart to recover the system.


The vulnerability, which Siemens self-reported, affects the following products:
• SIMATIC CP 343-1 Advanced: All versions
• SIMATIC CP 343-1 Standard: All versions
• SIMATIC CP 443-1 Advanced: All versions
• SIMATIC CP 443-1 Standard: All versions
• SIMATIC S7-1500 Software Controller incl. F: All versions prior to V1.7.0
• SIMATIC S7-1500 incl. F: All versions prior to V1.7.0
• SIMATIC S7-300 incl. F and T: All versions
• SIMATIC S7-400 H V6: All versions
• SIMATIC S7-400 PN/DP V6 Incl. F: All versions prior to V6.0.7
• SIMATIC S7-400 PN/DP V7 Incl. F: All versions
• SIMATIC S7-410: All versions prior to V8.1
• SIMATIC WinAC RTX 2010 incl. F: All versions
• SINUMERIK 828D: All versions
• SINUMERIK 840D sl: All versions
• Softnet PROFINET IO for PC-based Windows systems: All versions

No known public exploits specifically target this vulnerability, and a high skill level is needed to exploit it.

Responding to a PROFINET DCP request with a specially crafted PROFINET DCP packet could result in a denial-of-service condition of the requesting system. This vulnerability could be exploited if the attacker is located on the same Ethernet segment (OSI Layer 2) as the targeted device.
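The detection this Layer 2 adjacency suggests, as an added example that is not from the advisory or from Siemens: a monitor on the same Ethernet segment parses PROFINET DCP frames, rejects frames whose DCPDataLength disagrees with the captured length, and flags DCP responses coming from MAC addresses outside a constructed allow-list of known devices. The advisory does not say what makes the crafted packet malformed, so the length check is a generic consistency check rather than a signature for CVE-2018-4843; all MAC addresses and frames below are constructed.

```python
import struct
ETHERTYPE_PROFINET, ETHERTYPE_VLAN = 0x8892, 0x8100
DCP_FRAME_IDS = {0xFEFC: "hello", 0xFEFD: "get/set", 0xFEFE: "identify-req", 0xFEFF: "identify-resp"}
KNOWN_DEVICES = {"00:1b:1b:00:00:01"}   # constructed allow-list of devices expected to answer DCP

def parse_dcp(frame):
    """Describe a PROFINET DCP frame; None if not DCP; ValueError if the header contradicts the length."""
    if len(frame) < 14:
        return None
    dst, src, eth, off = frame[:6], frame[6:12], struct.unpack("!H", frame[12:14])[0], 14
    if eth == ETHERTYPE_VLAN and len(frame) >= 18:          # skip an 802.1Q tag if present
        eth, off = struct.unpack("!H", frame[16:18])[0], 18
    if eth != ETHERTYPE_PROFINET or len(frame) < off + 2:
        return None
    frame_id = struct.unpack("!H", frame[off:off + 2])[0]
    if frame_id not in DCP_FRAME_IDS:
        return None                                         # cyclic/alarm RT traffic, not DCP
    # DCP header: ServiceID(1) ServiceType(1) Xid(4) ResponseDelay(2) DCPDataLength(2)
    if len(frame) < off + 12:
        raise ValueError("truncated DCP header")
    svc_id, svc_type, xid, _delay, dlen = struct.unpack("!BBIHH", frame[off + 2:off + 12])
    if dlen > len(frame) - off - 12:
        raise ValueError("DCPDataLength exceeds the captured payload")
    return {"src": src.hex(":"), "dst": dst.hex(":"), "kind": DCP_FRAME_IDS[frame_id],
            "service_id": svc_id, "is_response": svc_type == 1, "xid": xid}

def assess(frame):
    """Monitor verdict: 'ignore', 'ok', 'malformed' or 'unexpected-responder'."""
    try:
        d = parse_dcp(frame)
    except ValueError:
        return "malformed"
    if d is None:
        return "ignore"
    if d["is_response"] and d["src"] not in KNOWN_DEVICES:
        return "unexpected-responder"
    return "ok"

def build_dcp(dst, src, frame_id, svc_id, svc_type, xid, payload):
    """Builds the constructed sample frames below; nothing is ever sent on a network."""
    return (struct.pack("!6s6sHH", dst, src, ETHERTYPE_PROFINET, frame_id)
            + struct.pack("!BBIHH", svc_id, svc_type, xid, 0, len(payload)) + payload)
PLC, ENGINEER, ROGUE = (bytes.fromhex(h) for h in ("001b1b000001", "001b1b0000aa", "deadbeef0001"))  # constructed MACs
MCAST = bytes.fromhex("010ecf000000")                       # PROFINET DCP multicast destination
IDENT_REQ = build_dcp(MCAST, ENGINEER, 0xFEFE, 5, 0, 0x1234, b"\xff\xff\x00\x00")  # AllSelector block
NAME_BLOCK = b"\x02\x02\x00\x07\x00\x00plc-1\x00"            # NameOfStation block, padded to even length
IDENT_RESP = build_dcp(ENGINEER, PLC, 0xFEFF, 5, 1, 0x1234, NAME_BLOCK)
ROGUE_RESP = build_dcp(ENGINEER, ROGUE, 0xFEFF, 5, 1, 0x1234, NAME_BLOCK)
TRUNCATED = IDENT_RESP[:-6]                                 # header now claims more data than is present
```

Feeding captured frames from the cell's mirror port into `assess` gives a per-frame verdict; an `unexpected-responder` verdict on a DCP response is the event worth alerting on, since only inventoried devices should be answering on that segment.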

CVE-2018-4843 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 5.3.

These products see use in the chemical, critical manufacturing, energy, food and agriculture, and water and wastewater systems sectors, and are deployed globally.

Siemens provided the following updates for mitigations:
• SIMATIC S7-1500 Software Controller incl. F: Update to V1.8.5 or newer
• SIMATIC S7-1500 incl. F: Update to V1.8.5 or newer
• SIMATIC S7-400 PN/DP V6 Incl. F: Update to V6.0.7
• SIMATIC S7-410: Update to V8.1

For all other affected products, Siemens identified the following specific workarounds and mitigations that users can apply to reduce the risk:
• Apply cell protection concept
• Use VPN for protecting network communication between cells
• Apply defense-in-depth


As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To run the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens’ operational guidelines for industrial security and following the recommendations in the product manuals.

For more information on this vulnerability and associated software updates, please see Siemens security notification SSA-592007.
