Siemens Investigating Vulnerabilities

Tuesday, November 29, 2011 @ 05:11 PM gHale


Siemens is suffering from a slew of new vulnerabilities hitting the industry.

There are four holes with proof-of-concept (PoC) exploit code affecting Siemens Automation License Manager, a supervisory control and data acquisition/human-machine interface product, along with multiple weaknesses with PoC exploit code affecting Siemens SIMATIC WinCC Flexible Runtime, a human-machine interface product.


As for the Siemens Automation License Manager report, the vulnerabilities are remotely exploitable. Luigi Auriemma released the report without coordination with Siemens and ICS-CERT.

ICS-CERT has coordinated the report with Siemens, which is working to confirm the report and identify mitigations. ICS-CERT is issuing this alert to provide early notice of the report and identify baseline mitigations for reducing risks to these and other cyber security attacks.

The four vulnerabilities are a buffer overflow, an exception, a NULL pointer and a memory write. All four are remotely exploitable and could result in a denial of service, with possible remote code execution through the buffer overflow and the memory write.

Meanwhile, the SIMATIC WinCC Flexible Runtime HMI product has multiple vulnerabilities exploitable remotely via Port 2308/TCP. Like the other report, Auriemma released the information without coordination with ICS-CERT or the vendor.

ICS-CERT coordinated the report with Siemens, which is working to confirm the report and identify mitigations. ICS-CERT is issuing this alert to provide early notice of the report and identify baseline mitigations for reducing risks to these and other cyber security attacks.

All vulnerabilities are remotely exploitable, including a stack overflow, directory traversal and memory read access. The impact of the buffer overflow could be a possible remote code execution, while the directory traversal could allow read, write and delete access, and the memory read access could cause a denial of service.

SIMATIC WinCC flexible is a software package used for visualization and machine or small system operations. This product runs on standard PCs or on Siemens panel PCs. This software is used in multiple industries, including food and beverage, water and wastewater, oil and gas, and chemical.


