Siemens Fixes Hole Using OPC UA

Friday, September 1, 2017 @ 03:09 PM gHale


Siemens has fixes available to mitigate an improper restriction of XML external entity (XXE) reference vulnerability in industrial products that use the Discovery Service of the OPC Foundation's OPC UA protocol stack, according to a report with ICS-CERT.

Successful exploitation of this remotely exploitable vulnerability, discovered by Sergey Temnikov of Kaspersky Lab, may allow an attacker to access various resources.

Siemens said the vulnerability affects the following industrial products, which use the Discovery Service of the OPC UA protocol stack by the OPC Foundation:
• SIMATIC PCS 7:
  V7.1 and earlier versions
  V8.0: All versions
  V8.1: All versions
• SIMATIC WinCC:
  V7.0: All versions
  V7.2: All versions
  V7.3: All versions
  V7.4: All versions prior to V7.4 SP1
• SIMATIC WinCC Runtime Professional:
  V13: All versions
  V14: All versions prior to V14 SP1
• SIMATIC NET PC Software: All versions
• SIMATIC IT Production Suite: All versions

No known public exploits specifically target this vulnerability. However, an attacker with low skill level could leverage the vulnerability.

By sending specially crafted packets to the OPC Discovery Server at Port 4840/TCP, an attacker might cause the system to access various resources chosen by the attacker.

CVE-2017-12069 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 8.2.
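The class of bug described above, an XML parser that resolves external entities named by the document, is mitigated by refusing to process any DTD or entity declaration at all, so the parser can never be directed at a file, URL or other resource chosen by the sender. The following Python example is added here for illustration; it is not code from Siemens, the OPC Foundation or the OPC UA stack, and the XML documents in it are constructed stand-ins rather than real OPC UA Discovery Service messages.

```python
import xml.parsers.expat


class ExternalEntityError(ValueError):
    """Raised when a document tries to declare a DTD or an entity."""


def parse_without_dtd(xml_bytes: bytes) -> list:
    """Parse xml_bytes and return the element names in document order.

    Any DOCTYPE, entity declaration or external entity reference aborts
    the parse, so the parser never fetches a resource named by the
    document.  Rejecting the DTD outright is the general XXE mitigation
    and is stricter than merely disabling entity expansion.
    """
    parser = xml.parsers.expat.ParserCreate()
    elements = []

    def on_doctype(name, system_id, public_id, has_internal_subset):
        raise ExternalEntityError("DOCTYPE declaration rejected: %s" % name)

    def on_entity_decl(name, is_param, value, base, system_id, public_id, notation):
        raise ExternalEntityError("entity declaration rejected: %s" % name)

    def on_external_ref(context, base, system_id, public_id):
        raise ExternalEntityError("external entity reference rejected: %s" % system_id)

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    parser.ExternalEntityRefHandler = on_external_ref
    # Never load an external DTD subset (parameter entities) either.
    parser.SetParamEntityParsing(xml.parsers.expat.XML_PARAM_ENTITY_PARSING_NEVER)
    parser.StartElementHandler = lambda name, attrs: elements.append(name)
    parser.Parse(xml_bytes, True)
    return elements


def check_document(xml_bytes: bytes):
    """Return (True, element names) if accepted, (False, reason) if rejected."""
    try:
        return True, parse_without_dtd(xml_bytes)
    except ExternalEntityError as exc:
        return False, str(exc)
    except xml.parsers.expat.ExpatError as exc:
        return False, "malformed XML: %s" % exc


# Constructed sample documents (assumed shapes, not real OPC UA messages).
SAFE_DOC = b"<Request><EndpointUrl>opc.tcp://host:4840</EndpointUrl></Request>"
DTD_DOC = (
    b'<!DOCTYPE Request [<!ENTITY ext SYSTEM "http://example.invalid/resource">]>'
    b"<Request>&ext;</Request>"
)

if __name__ == "__main__":
    for label, doc in (("safe", SAFE_DOC), ("dtd", DTD_DOC)):
        print(label, check_document(doc))
```

Because the DOCTYPE handler fires before any entity can be declared, the entity and external-reference handlers never run for the constructed document; they are kept so that the policy still holds if a caller later decides to allow an internal DTD.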

The products see use in the chemical, energy, food and agriculture, and water and wastewater systems sectors, and are deployed worldwide.

Siemens provides fixes for the following products and recommends users upgrade to the newest version:
• SIMATIC PCS 7:
  All versions prior to V9.0: Follow FAQ
• SIMATIC WinCC:
  V7.4: Update to V7.4 SP1
  All other versions: Follow FAQ to turn off the service after commissioning
• SIMATIC WinCC Runtime Professional:
  V14: Update to V14 SP1
  All other versions: Follow FAQ to turn off the service after commissioning
• SIMATIC NET PC Software:
  Follow FAQ to turn off the service after commissioning

Siemens is preparing further updates and recommends the following mitigations in the meantime:
1. Turn off the Discovery Service or block it on the local firewall
2. Apply cell protection concept
3. Use VPN for protecting network communication between cells
4. Apply Defense in Depth
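Mitigations 1 and 2 above are easy to state but need verifying: once the Discovery Service is turned off or blocked, nothing outside the cell should be reaching 4840/TCP, and any allowed inbound connection from outside the cell means the firewall rule or the segmentation is not in place. The script below is an added example, not Siemens' or ICS-CERT's tooling; it runs detection logic over a few constructed firewall log lines in an assumed space-separated format (timestamp, action, protocol, source, destination, source port, destination port) and assumes a cell network of 192.168.10.0/24.

```python
import ipaddress

DISCOVERY_PORT = 4840                         # OPC UA Discovery Service, from the advisory
CELL_NETWORK = ipaddress.ip_network("192.168.10.0/24")   # assumed cell address range


def parse_log_line(line: str):
    """Parse one constructed log line into a dict, or None if it is not a connection record."""
    parts = line.split()
    if len(parts) < 8:
        return None
    try:
        return {
            "time": parts[0] + " " + parts[1],
            "action": parts[2].upper(),
            "proto": parts[3].upper(),
            "src": ipaddress.ip_address(parts[4]),
            "dst": ipaddress.ip_address(parts[5]),
            "sport": int(parts[6]),
            "dport": int(parts[7]),
        }
    except ValueError:
        return None


def find_discovery_violations(lines, cell_network=CELL_NETWORK):
    """Return records of TCP traffic to 4840 from outside the cell network.

    Each returned record carries a 'severity': 'allowed' when the firewall
    let the connection through (the mitigation is not in place), 'blocked'
    when it was dropped (the rule works, but someone outside is probing).
    """
    findings = []
    for line in lines:
        rec = parse_log_line(line)
        if rec is None or rec["proto"] != "TCP" or rec["dport"] != DISCOVERY_PORT:
            continue
        if rec["src"] in cell_network:
            continue                          # intra-cell traffic is expected
        rec["severity"] = "allowed" if rec["action"] == "ALLOW" else "blocked"
        findings.append(rec)
    return findings


# Constructed sample log lines (not real captures).
SAMPLE_LOG = [
    "2017-09-01 15:09:01 ALLOW TCP 192.168.10.20 192.168.10.5 50123 4840",
    "2017-09-01 15:09:02 ALLOW TCP 10.0.0.77 192.168.10.5 50124 4840",
    "2017-09-01 15:09:03 DROP TCP 10.0.0.77 192.168.10.5 50125 4840",
    "2017-09-01 15:09:04 ALLOW TCP 10.0.0.77 192.168.10.5 50126 443",
    "2017-09-01 15:09:05 ALLOW UDP 10.0.0.77 192.168.10.5 50127 4840",
    "malformed line that should be skipped",
]

if __name__ == "__main__":
    for f in find_discovery_violations(SAMPLE_LOG):
        print("%s %s -> %s:%d [%s]" % (f["time"], f["src"], f["dst"], f["dport"], f["severity"]))
```

The 'allowed' findings are the actionable ones for mitigation 1; a steady stream of 'blocked' findings from the same source is what the firewall should show once the rule is in place, and is worth correlating with the cell protection and VPN controls in mitigations 2 and 3.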

Siemens recommends users protect network access with appropriate mechanisms such as firewalls, segmentation, and VPNs. Siemens also advises that users configure the operational environment according to Siemens’ Operational Guidelines for Industrial Security.

For more information on this vulnerability and more detailed mitigation instructions, see Siemens Security Advisory SSA-535640.

The OPC Foundation also published a security bulletin for this vulnerability.
