Siemens Offers STEP 7 Service Pack

Wednesday, February 18, 2015 @ 04:02 PM gHale

Siemens created a service pack that mitigates the authentication vulnerabilities in its SIMATIC STEP 7 TIA Portal application, according to a report on ICS-CERT.

All versions of SIMATIC STEP 7 TIA Portal prior to V13 SP1 suffer from the issue, which was discovered by Aleksandr Timorin from Positive Technologies.

A local user tricked into exploiting these vulnerabilities could allow an attacker to escalate privileges.

Siemens is a multinational company headquartered in Munich, Germany.

The affected product, SIMATIC STEP 7 TIA Portal, is engineering software for SIMATIC products. This software sees action across several sectors including chemical, energy, food and agriculture, and water and wastewater systems. Siemens said these products see use primarily in the United States and Europe with a small percentage in Asia.

Device user passwords in TIA Portal project files are stored using a weak hashing algorithm. Attackers with read access to the project file could possibly reconstruct the passwords for device users.

CVE-2015-1355 is the case number assigned to this vulnerability, which has a CVSS v2 base score of 2.1.

Privilege information for device users is stored unprotected in the TIA Portal project file. Attackers with access to the project file could possibly read and modify the permissions for device users in the project file. If a user is tricked into downloading the manipulated project file to the device, the modified user permissions become active.

CVE-2015-1356 is the case number assigned to this vulnerability, which has a CVSS v2 base score of 2.6.

No known public exploits specifically target these vulnerabilities. Crafting a working exploit for these vulnerabilities would be difficult. An attacker would have to employ social engineering to convince the user to accept the malformed file. Additional user interaction would be needed to load the malformed file. This decreases the likelihood of a successful exploit.

Siemens provides Service Pack 1 for STEP 7 TIA Portal V13, which mitigates the vulnerabilities.

For more information on these vulnerabilities and detailed instructions, see Siemens Security Advisory SSA-234789.
