Siemens glibc Library Vulnerability

Wednesday, April 13, 2016 @ 09:04 AM gHale


Siemens created a patch for its ROX II and APE devices to mitigate a buffer overflow vulnerability in the glibc library that could affect several of its industrial products, according to a report on ICS-CERT.

In addition, Siemens provides specific mitigations for SINEMA Remote Connect, SCALANCE M-800/S615, and Basic RT V13 until a patch is available for these products.

This vulnerability is remotely exploitable and attacks that target this vulnerability are publicly available.

Siemens reports the vulnerability affects the following products:
• ROX II: V2.3.0-V2.9.0 (inclusive)
• APE (Linux): All versions
• SINEMA Remote Connect: All versions
• SCALANCE M-800/S615: All versions
• Basic RT V13: All versions

An attacker who successfully exploits this vulnerability may be able to cause a denial-of-service (DoS) condition in the affected devices or possibly execute arbitrary code.

Siemens is a multinational company headquartered in Munich, Germany.

Siemens ROX-based devices connect devices that operate in harsh environments such as electric utility substations and traffic control cabinets. RUGGEDCOM APE is a utility-grade computing platform that plugs directly into any member of the RUGGEDCOM RX1500 family and makes it possible to run third-party software applications without an external industrial PC. SINEMA Remote Connect is a management platform for remote networks allowing users to manage and maintain tunnel connections (VPN) between networks, machines, and sites. SCALANCE security modules provide filtering of incoming and outgoing network connections with stateful packet inspection.

According to Siemens, the affected devices deploy across several sectors including chemical, communications, critical manufacturing, dams, energy, food and agriculture, government facilities, healthcare and public health, transportation systems, and water and wastewater systems. Siemens estimates these products see use on a global basis.

There is a stack-based buffer overflow vulnerability in the glibc library’s DNS client side resolver.

CVE-2015-7547 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 8.1.

Exploits that target this vulnerability are publicly available. However, crafting a working exploit for this vulnerability would be difficult.

Siemens provides updates for the following products and encourages customers to update their products:

• ROX II: Update to version 2.9.1 or call a local hotline center.

• APE (Linux): Follow the update process provided in the corresponding application note.

Siemens recommends applying the following mitigations until patches are available for SINEMA Remote Connect, SCALANCE M-800/S615, and Basic RT V13:
• Disable use of DNS on affected devices if possible.
• Use trusted DNS servers, trusted networks/providers, and known trusted DNS domains in device configuration.
Or
• Limit the size of DNS responses to 512 bytes for UDP messages, and 1024 bytes for TCP messages, at the network border.
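
To audit whether the size limit in the last mitigation would hold, captured DNS traffic can be checked against it. The following Python sketch is an added example, not part of the Siemens advisory or the original article; the function names and the sample messages are constructed for illustration.

```python
import struct

# Limits taken from the mitigation above; they apply to the DNS message size.
UDP_LIMIT = 512
TCP_LIMIT = 1024

def is_response(msg: bytes) -> bool:
    """True if the 12-byte DNS header is present and the QR bit is set."""
    return len(msg) >= 12 and bool(msg[2] & 0x80)

def check_udp(payload: bytes) -> bool:
    """Return True if a UDP DNS payload is a response larger than the limit."""
    return is_response(payload) and len(payload) > UDP_LIMIT

def check_tcp(stream: bytes) -> list:
    """Walk a reassembled server-to-client TCP stream of DNS messages.

    Each message is preceded by a 2-byte big-endian length (RFC 1035, 4.2.2).
    Returns (offset, declared_length) for every response over the limit. The
    declared length is used so an oversized message is flagged even when only
    part of it has been captured.
    """
    flagged, off = [], 0
    while off + 2 <= len(stream):
        (declared,) = struct.unpack_from("!H", stream, off)
        body = stream[off + 2 : off + 2 + declared]
        if declared > TCP_LIMIT and is_response(body):
            flagged.append((off, declared))
        off += 2 + declared
    return flagged

def make_msg(size: int, response: bool = True) -> bytes:
    """Constructed sample: a DNS header padded to `size` bytes (not a real capture)."""
    flags = 0x8180 if response else 0x0100
    header = struct.pack("!HHHHHH", 0x1234, flags, 1, 0, 0, 0)
    return header + b"\x00" * (size - len(header))

def tcp_frame(msg: bytes) -> bytes:
    """Prefix a DNS message with its 2-byte length, as sent over TCP."""
    return struct.pack("!H", len(msg)) + msg

if __name__ == "__main__":
    print(check_udp(make_msg(512)), check_udp(make_msg(2048)))
    stream = tcp_frame(make_msg(300)) + tcp_frame(make_msg(2048))
    print(check_tcp(stream))
```
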

As a general security measure, Siemens recommends protecting network access to nonperimeter devices with appropriate mechanisms.

For more information on this vulnerability and more detailed mitigation instructions, please see Siemens Security Advisory SSA-301706.