Siemens Fixes SIMATIC PLC Holes

Friday, March 21, 2014 @ 05:03 PM gHale


Siemens produced a new version of its SIMATIC S7-1200 PLC that mitigates two improper input validation vulnerabilities, according to a report on ICS-CERT.

The vulnerabilities, discovered separately by Prof. Dr. Hartmut Pohl of softScheck GmbH and Arne Vidström of Swedish Defence Research Agency (FOI), are remotely exploitable.


SIMATIC S7-1200 PLC family: all versions before V4.0.0 suffer from the vulnerabilities.

Attackers could use these vulnerabilities to perform a denial-of-service (DoS) attack.

Siemens is a multinational company headquartered in Munich, Germany. Products in the Siemens SIMATIC S7-1200 PLC family are used for discrete and continuous control in critical infrastructure sectors such as chemical, critical manufacturing, and food and agriculture.

Specially crafted packets sent on Port 161/UDP (SNMP) cause the device to go into defect mode.

CVE-2013-2780 is the case number assigned to this vulnerability, which has a CVSS v2 base score of 7.8.

Specially crafted packets sent on Port 102/TCP (ISO-TSAP) cause the device to go into defect mode. Further research has identified multiple instances of this vulnerability.

CVE-2013-0700 is the case number assigned to this vulnerability, which has a CVSS v2 base score of 7.8.

No known public exploits specifically target these vulnerabilities, but an attacker with low skill would be able to exploit them.

Siemens has made SIMATIC S7-1200 PLC product release V4.0.0 available to resolve these vulnerabilities.

Siemens recommends running the affected software components in a protected network environment and configuring the environment according to operational guidelines.
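The following is an added example, not part of the original report or any Siemens tooling: a small audit that flags S7-1200 units below V4.0.0 that receive traffic on 161/UDP or 102/TCP from outside the control network. The inventory, flow-record format, addresses, firmware strings and trusted subnet are all constructed assumptions.

```python
import ipaddress

FIXED_VERSION = (4, 0, 0)  # per the advisory: versions before V4.0.0 are affected
# Port-to-CVE mapping as stated in the advisory text.
RISKY_SERVICES = {("udp", 161): "CVE-2013-2780", ("tcp", 102): "CVE-2013-0700"}
TRUSTED = [ipaddress.ip_network("10.20.0.0/24")]  # assumed control-network zone

# Constructed asset inventory (assumed format): ip -> (model, firmware)
INVENTORY = {
    "10.20.0.11": ("S7-1200", "V3.0.2"),
    "10.20.0.12": ("S7-1200", "V4.0.0"),
    "10.20.0.13": ("S7-1200", "V2.2"),
}
# Constructed flow records (assumed format): "src dst proto dport"
FLOWS = """\
10.20.0.50 10.20.0.11 tcp 102
192.168.7.9 10.20.0.11 udp 161
192.168.7.9 10.20.0.12 tcp 102
172.16.3.4 10.20.0.13 tcp 102
10.20.0.50 10.20.0.13 tcp 443
"""

def parse_version(text):
    # "V2.2" -> (2, 2, 0); missing components are treated as zero.
    nums = [int(p) for p in text.lstrip("Vv").split(".")]
    return tuple((nums + [0, 0, 0])[:3])

def is_affected(model, firmware):
    return model == "S7-1200" and parse_version(firmware) < FIXED_VERSION

def audit(inventory, flows, trusted):
    # Report flows to affected PLCs on the two risky services from untrusted sources.
    findings = []
    for line in flows.splitlines():
        fields = line.split()
        if len(fields) != 4 or not fields[3].isdigit():
            continue  # skip malformed records
        src, dst, proto, dport = fields
        cve = RISKY_SERVICES.get((proto.lower(), int(dport)))
        if cve is None or dst not in inventory or not is_affected(*inventory[dst]):
            continue
        if any(ipaddress.ip_address(src) in net for net in trusted):
            continue  # source is inside the protected zone
        findings.append((dst, inventory[dst][1], src, f"{dport}/{proto}", cve))
    return findings

if __name__ == "__main__":
    for finding in audit(INVENTORY, FLOWS, TRUSTED):
        print(*finding)
```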

For more information regarding this issue or any other security issue involving Siemens products, please see the Siemens ProductCERT security advisory page.


