Siemens Clears Information Disclosure Holes

Wednesday, October 12, 2016 @ 08:10 AM gHale

Siemens released SIMATIC STEP 7 (TIA Portal) V14 which fixes two information disclosure vulnerabilities in the storage format of project files, according to a report by Siemens ProductCERT.

The vulnerabilities could allow local attackers to access sensitive information contained in TIA project files under certain conditions.


All versions of SIMATIC STEP 7 (TIA Portal) under V14 suffer from the issues. SIMATIC STEP 7 (TIA Portal) is engineering software used to configure and program SIMATIC controllers.

Local attackers with read access to TIA project files could brute-force pre-shared keys used for machine-to-machine communication with possibly reduced effort. CVE-2016-7959 is the case number for the vulnerability, which has a CVSS base score of 2.5.

In addition, local attackers could circumvent the protection of the transport format of TIA Portal project files and potentially access sensitive configuration settings. TIA Portal may use this format during the migration of project files to a new version. CVE-2016-7960 is the case number, which has a CVSS base score of 2.5.

Access to the TIA project files on engineering workstations or network storage must be protected from unauthorized access with appropriate mechanisms.
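Both issues require read access to the project files, so that access is what to audit. The following is an added example, not code from Siemens or the original article: it assumes a POSIX file server holding the project share, and the suffix list, function names and sample tree are constructed for illustration.

```python
import os
import stat
import tempfile
from pathlib import Path

# Assumed suffixes for TIA Portal project/archive files; adjust to the versions in use.
PROJECT_SUFFIXES = (".ap13", ".zap13")

def audit_project_files(root, suffixes=PROJECT_SUFFIXES):
    """List project files under root that non-owners can read (POSIX mode bits only)."""
    # A class (group/other) reaches a file only if the file has that class's read bit
    # AND every directory from root down has its search (x) bit. ACLs are not evaluated.
    root, findings = Path(root), []
    def walk(directory, group_ok, other_ok):
        mode = directory.stat().st_mode
        group_ok = group_ok and bool(mode & stat.S_IXGRP)
        other_ok = other_ok and bool(mode & stat.S_IXOTH)
        if not (group_ok or other_ok):
            return  # nothing below this directory is reachable by non-owners
        # Symlinks are skipped so the walk never leaves the audited tree.
        for entry in sorted(e for e in directory.iterdir() if not e.is_symlink()):
            if entry.is_dir():
                walk(entry, group_ok, other_ok)
            elif entry.suffix.lower() in suffixes:
                fmode, rel = entry.stat().st_mode, entry.relative_to(root).as_posix()
                if other_ok and fmode & stat.S_IROTH:
                    findings.append((rel, "other"))
                elif group_ok and fmode & stat.S_IRGRP:
                    findings.append((rel, "group"))
    walk(root, True, True)
    return findings

def build_sample_tree():
    """Constructed sample share: directory -> (dir mode, [(file name, file mode)])."""
    root = Path(tempfile.mkdtemp(prefix="tia_audit_"))
    layout = {"open": (0o755, [("line1.ap13", 0o644), ("private.zap13", 0o600)]),
              "team": (0o750, [("line2.ap13", 0o640), ("notes.txt", 0o644)]),
              "locked": (0o700, [("line3.ap13", 0o644)])}
    for name, (dmode, files) in layout.items():
        (root / name).mkdir()
        for fname, fmode in files:
            (root / name / fname).write_bytes(b"constructed placeholder")
            os.chmod(root / name / fname, fmode)
        os.chmod(root / name, dmode)
    os.chmod(root, 0o755)
    return root

if __name__ == "__main__":
    print(*audit_project_files(build_sample_tree()), sep="\n")
```

The file under `locked` has a world-readable mode but is not reported, because its parent directory denies traversal to everyone except the owner.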

Siemens released SIMATIC STEP 7 (TIA Portal) V14 to fix the vulnerabilities.

Dmitry Sklyarov and Gleb Gritsai from Positive Technologies coordinated disclosure of both vulnerabilities.

Click here for an overview of the operational guidelines for Industrial Security (with the cell protection concept).

Information about Industrial Security by Siemens.