Siemens Fixes SIMATIC S7 Woes

Wednesday, February 10, 2016 @ 09:02 AM gHale

Siemens fixed two vulnerabilities in its SIMATIC S7-1500 CPU family, according to a report on ICS-CERT.

Versions of the Siemens SIMATIC S7-1500 CPU family prior to Version 1.8.3 suffer from the remotely exploitable vulnerabilities.

Successful exploitation of these vulnerabilities could result in a denial-of-service condition or a replay attack on the affected devices.

Siemens is a multinational company headquartered in Munich, Germany.

The affected products, the Siemens SIMATIC S7-1500 CPU family, are for discrete and continuous control in industrial environments. The Siemens SIMATIC S7-1500 CPU family sees action across several sectors including critical manufacturing, food and agriculture, and chemical. Siemens said these products see use on a global basis.

Specially crafted packets sent to Port 102/TCP (ISO/TSAP) could cause a denial-of-service condition on affected devices. The CPU will automatically restart and remain in STOP mode. To recover from this condition, the CPU must be manually placed into RUN mode again.

CVE-2016-2200 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.5.

Under certain conditions, remote attackers could reduce the efficiency of the replay protection at Port 102/TCP (ISO/TSAP) of the affected devices.

CVE-2016-2201 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 3.7.

No known public exploits specifically target these vulnerabilities. An attacker with low skill would be able to exploit one of these vulnerabilities.

Siemens released SIMATIC S7-1500 firmware Version 1.8.3, which addresses the identified vulnerabilities, and recommends users update to the new firmware version.

As a general security measure, Siemens recommends users protect network access to SIMATIC S7-1500 CPUs. Siemens advises users to configure the host environment according to operational guidelines.
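
An added example (not from Siemens or ICS-CERT) of triaging the two recommendations above: it lists CPUs whose firmware is older than Version 1.8.3, comparing versions numerically so that 1.10.0 is not mistaken for older than 1.8.3, and lists sources reaching Port 102/TCP from outside an allowed subnet. The inventory and flow records, their column names, the host names, addresses and the allowed subnet are all constructed assumptions.

```python
import csv, io, ipaddress, re

FIXED = (1, 8, 3)   # first fixed firmware version, from the advisory
S7_PORT = 102       # ISO/TSAP port named in the advisory

# Constructed sample data; names, addresses and columns are hypothetical.
INVENTORY = """name,ip,firmware
plc-press-01,10.20.1.11,V1.8.3
plc-mixer-02,10.20.1.12,1.8
plc-fill-03,10.20.1.13,V 1.10.0
plc-pack-04,10.20.1.14,v1.7.0
"""
FLOWS = """src,dst,dport
10.20.5.40,10.20.1.12,102
192.168.77.9,10.20.1.14,102
10.20.5.41,10.20.1.11,443
172.16.3.8,10.20.1.13,102
"""
# Assumed engineering-station subnet that may legitimately reach the CPUs.
ALLOWED_SOURCES = [ipaddress.ip_network("10.20.5.0/24")]


def parse_version(text):
    """Turn 'V1.8.3', '1.8' or 'V 1.10.0' into a 3-tuple of ints."""
    nums = [int(n) for n in re.findall(r"\d+", text)]
    if not nums or len(nums) > 3:
        raise ValueError(f"unrecognised firmware string: {text!r}")
    return tuple(nums + [0] * (3 - len(nums)))  # pad '1.8' to (1, 8, 0)


def needs_update(inventory_csv):
    """Names of CPUs running firmware older than the fixed release."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return [r["name"] for r in rows if parse_version(r["firmware"]) < FIXED]


def unexpected_s7_peers(flows_csv, allowed):
    """(src, dst) pairs reaching 102/TCP from outside the allowed networks."""
    hits = []
    for r in csv.DictReader(io.StringIO(flows_csv)):  # TCP flow records assumed
        src = ipaddress.ip_address(r["src"])
        if int(r["dport"]) == S7_PORT and not any(src in net for net in allowed):
            hits.append((r["src"], r["dst"]))
    return hits


if __name__ == "__main__":
    print("update to 1.8.3 or later:", needs_update(INVENTORY))
    print("unexpected 102/TCP peers:", unexpected_s7_peers(FLOWS, ALLOWED_SOURCES))
```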

See Siemens security advisory SSA-253230 for details.