Siemens Fixes SIMATIC S7-300 DoS Hole
Friday, June 10, 2016 @ 08:06 AM gHale
Siemens created a firmware update to mitigate a denial-of-service (DoS) vulnerability in the SIMATIC S7-300 CPU family, according to an ICS-CERT report.
This vulnerability, reported directly to Siemens by Mate J. Csorba of DNV GL, Marine Cybernetics Services, and Amund Sole of Norwegian University of Science and Technology, is remotely exploitable.
The vulnerability affects the following products:
• SIMATIC S7-300 CPUs with Profinet support: All versions prior to V3.2.12
• SIMATIC S7-300 CPUs without Profinet support: All versions prior to V3.3.12
An exploit of this vulnerability could cause the affected device to go into defect mode, requiring a cold restart to recover the system.
Siemens is a multinational company headquartered in Munich, Germany.
The affected product, SIMATIC S7-300 CPU, is for process control in industrial environments. This product sees use across several sectors including chemical, energy, food and agriculture, and water and wastewater systems. Siemens said this product line sees action on a global basis.
Specially crafted packets sent to Port 102/TCP (ISO-TSAP) or via Profibus could cause the affected device to go into defect mode. A cold restart would then be required to recover the system.
CVE-2016-3949 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.5.
No known public exploits specifically target this vulnerability. However, an attacker with a low skill level would be able to exploit it.
Siemens has released SIMATIC S7-300 firmware Versions V3.2.12 and V3.3.12, which fix the vulnerability, and recommends users update to the latest version.
For more information on this vulnerability and detailed instructions, click on Siemens Security Advisory SSA-818183.
As a general security measure, Siemens strongly recommends keeping firmware up to date and protecting network access to the S7-300 CPUs with appropriate mechanisms. It is advised to configure the environment according to Siemens’ operational guidelines in order to run the devices in a protected IT environment.
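The two actions the advisory asks of operators are to confirm which S7-300 CPUs are still below the fixed firmware (V3.2.12 with Profinet, V3.3.12 without) and to restrict who can reach Port 102/TCP on them. The following script is an added example, not Siemens' or ICS-CERT's code, showing both checks as a defender would run them offline: it compares a constructed asset inventory against the fixed versions named above, and it scans constructed firewall log lines for ISO-TSAP connections to the PLCs from sources outside an engineering-station allowlist. The inventory entries, IP addresses, log format and allowlist are all assumptions made for the example.

```python
import re

# Fixed firmware versions named in the advisory (SSA-818183 / CVE-2016-3949).
FIXED_WITH_PROFINET = (3, 2, 12)
FIXED_WITHOUT_PROFINET = (3, 3, 12)

# Constructed asset inventory (hypothetical names, addresses and versions).
INVENTORY = [
    {"name": "PLC-Line1", "ip": "10.1.2.7", "firmware": "V3.2.11", "profinet": True},
    {"name": "PLC-Line2", "ip": "10.1.2.8", "firmware": "V3.2.12", "profinet": True},
    {"name": "PLC-Util", "ip": "10.1.2.9", "firmware": "V3.3.5", "profinet": False},
    {"name": "PLC-Boiler", "ip": "10.1.2.10", "firmware": "V3.3.12", "profinet": False},
]

# Constructed firewall log excerpt in a generic key=value format (not a real
# product's log). Only 10.1.5.20 is an engineering station allowed to use ISO-TSAP.
SAMPLE_FW_LOG = """\
2016-06-10T08:01:12 src=10.1.5.20 dst=10.1.2.7 proto=tcp dport=102 action=allow
2016-06-10T08:01:15 src=10.9.0.44 dst=10.1.2.7 proto=tcp dport=102 action=allow
2016-06-10T08:01:20 src=10.1.5.20 dst=10.1.2.8 proto=tcp dport=80 action=allow
2016-06-10T08:01:31 src=192.168.77.3 dst=10.1.2.9 proto=tcp dport=102 action=allow
"""
ALLOWED_ISOTSAP_SOURCES = {"10.1.5.20"}
ISOTSAP_PORT = 102


def parse_version(text):
    """Turn 'V3.2.11' into the comparable tuple (3, 2, 11)."""
    m = re.fullmatch(r"[Vv]?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised firmware version string: {text!r}")
    return tuple(int(part) for part in m.groups())


def is_vulnerable(firmware, profinet):
    """True when the version is below the fixed release for this CPU variant."""
    threshold = FIXED_WITH_PROFINET if profinet else FIXED_WITHOUT_PROFINET
    return parse_version(firmware) < threshold


def vulnerable_devices(inventory):
    """Names of inventory entries still running an affected firmware."""
    return [dev["name"] for dev in inventory
            if is_vulnerable(dev["firmware"], dev["profinet"])]


def unexpected_isotsap_sources(log_text, allowed_sources, plc_ips):
    """(timestamp, src, dst) for TCP/102 connections to a PLC from a non-allowlisted host."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if not parts:
            continue
        timestamp, fields = parts[0], dict(kv.split("=", 1) for kv in parts[1:] if "=" in kv)
        if fields.get("proto") != "tcp" or fields.get("dport") != str(ISOTSAP_PORT):
            continue
        if fields.get("dst") in plc_ips and fields.get("src") not in allowed_sources:
            findings.append((timestamp, fields["src"], fields["dst"]))
    return findings


if __name__ == "__main__":
    plc_ips = {dev["ip"] for dev in INVENTORY}
    print("Devices needing the firmware update:", vulnerable_devices(INVENTORY))
    for ts, src, dst in unexpected_isotsap_sources(SAMPLE_FW_LOG, ALLOWED_ISOTSAP_SOURCES, plc_ips):
        print(f"{ts}: unexpected ISO-TSAP access {src} -> {dst}")
```

On the constructed data the inventory check reports PLC-Line1 (V3.2.11 with Profinet) and PLC-Util (V3.3.5 without Profinet) as still affected, while the log scan flags the two TCP/102 connections that did not come from the engineering station; the port-80 line and the allowlisted source are ignored. The version threshold is keyed on the Profinet flag because the advisory gives different fixed releases for the two CPU variants, so an inventory that does not record that attribute cannot be assessed correctly.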