Siemens Fixes SIMATIC PCS 7 Issue

Thursday, November 2, 2017 @ 03:11 PM gHale


Siemens released updates to mitigate an improper input validation vulnerability in its SIMATIC PCS 7, according to a report with ICS-CERT.

Successful exploitation of this remotely exploitable vulnerability, discovered by Sergey Temnikov and Vladimir Dashchenko of Kaspersky Labs, could allow a remote authenticated attacker to crash services on the devices.

RELATED STORIES
No Fixes for Outdated ABB FOX515T
New Version Clears Trihedral Holes
Rockwell KRACK Advisory for Stratix 5100
SpiderControl Mitigates MicroBrowser Hole

The following versions of SIMATIC PCS 7, a distributed control system, suffer from the issue:
• V8.1 prior to V8.1 SP1 with WinCC V7.3 Upd 13
• V8.2 all versions

No known public exploits specifically target this vulnerability. However, an attacker with low skill level could leverage the vulnerability.

The improper input validation vulnerability has been identified, which may allow an authenticated remote attacker who is a member of the administrators group to crash services by sending specially crafted messages to the DCOM interface.

CVE-2017-14023 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 4.9.

The product sees use in multiple sectors including the chemical, energy, food and agriculture, and water and wastewater systems. The product also sees action on a global basis.

Siemens released the following updates:
V8.1: Update to V8.1 SP1 with WinCC V7.3 Upd 13

Munich, Germany-based Siemens is currently working on updates for the remaining affected versions and recommends users:
1. Apply cell protection concept
2. Use VPN for protecting network communication between cells
3. Apply Defense-in-Depth

Siemens also recommends users protect network access to the SIMATIC PCS 7 with appropriate mechanisms by configuring the environment according to operation guidelines.

For more information on this vulnerability and more detailed mitigation instructions, please see Siemens Security Advisory SSA-523365.



Leave a Reply

You must be logged in to post a comment.