Siemens Patches DLL Hijacking Hole

Tuesday, July 24, 2012 @ 08:07 PM gHale

Siemens produced a patch to fix the DLL hijacking vulnerability in SIMATIC STEP 7 and SIMATIC PCS 7 software.

Previous versions of SIMATIC STEP 7 and PCS 7 allowed malicious DLL files placed in the STEP 7 project folder to be loaded, which an attacker could use to hit the system. This vulnerability is remotely exploitable, and attackers are targeting it.

The following Siemens products and versions suffer from the issue:
• SIMATIC STEP 7 versions prior to V5.5 Service Pack 1 (5.5.1 equivalent)
• SIMATIC PCS 7 versions before and including V7.1 SP3

An attacker could execute arbitrary code by exploiting this vulnerability.

Siemens SIMATIC STEP 7 and PCS 7 software configures and manages Siemens SIMATIC S7 PLCs. Siemens SIMATIC S7 PLCs see use in a variety of industrial applications worldwide, including energy, water and wastewater, oil and gas, chemical, building automation, and manufacturing.

SIMATIC STEP 7 supports the loading of DLL files in STEP 7 project folders, which an attacker can use against systems using STEP 7. An attacker can place arbitrary library files into STEP 7 project folders, and those files will load on STEP 7 startup without validation. The code will execute with the permissions of the STEP 7 application. This vulnerability is assigned CVE-2012-3015 and has a CVSS v2 base score of 6.9.

An attacker with a medium skill level would be able to exploit this vulnerability.

Siemens provided the STEP 7 software update V5.5 SP1 (equivalent to V5.5.1) that resolves the vulnerability, but recommends installing the latest Service Pack, V5.5 SP2, as soon as possible.

The updates implement a mechanism that rejects DLLs containing executable code in the STEP 7 project folders, thus preventing unintended execution of unchecked code.
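For sites that receive project folders from outside or cannot update immediately, the same idea can be applied as an audit. The following is an added example, not Siemens' code or its actual check: it assumes "contains executable code" means a PE image with at least one section flagged as code or executable, and it inspects file content rather than trusting the `.dll` extension. The function names and the sample builder are hypothetical.

```python
import os
import struct

IMAGE_SCN_CNT_CODE = 0x00000020      # section contains code
IMAGE_SCN_MEM_EXECUTE = 0x20000000   # section is mapped executable

def has_executable_code(data: bytes) -> bool:
    """True if data parses as a PE image with a code/executable section."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)   # e_lfanew
    if pe_off + 24 > len(data) or data[pe_off:pe_off + 4] != b"PE\0\0":
        return False
    (num_sections,) = struct.unpack_from("<H", data, pe_off + 6)
    (opt_size,) = struct.unpack_from("<H", data, pe_off + 20)
    table = pe_off + 24 + opt_size                     # first section header
    for i in range(num_sections):
        entry = table + 40 * i
        if entry + 40 > len(data):                     # truncated header
            break
        (flags,) = struct.unpack_from("<I", data, entry + 36)
        if flags & (IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE):
            return True
    return False

def audit_project_folder(root: str) -> list[str]:
    """Relative paths under root that hold executable PE content, any extension."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read()
            if has_executable_code(data):
                hits.append(os.path.relpath(path, root))
    return sorted(hits)

def build_sample_pe(section_flags: int) -> bytes:
    """Constructed header-only PE with one section, for testing (not loadable)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x2000)
    section = b".sect\0\0\0" + b"\0" * 28 + struct.pack("<I", section_flags)
    return dos + coff + section

if __name__ == "__main__":
    import sys
    for hit in audit_project_folder(sys.argv[1]):      # path to a project folder
        print(hit)
```

Any hit in a project folder that arrived from another party is worth reviewing before the project is opened on an unpatched engineering station.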

