Tecnomatix FactoryLink Holes

Thursday, January 5, 2012 @ 12:01 PM gHale


Two vulnerabilities, a buffer overflow and a data corruption flaw, affect ActiveX components in the Siemens Tecnomatix FactoryLink application.

US-CERT first became aware of the issue in early December, but delayed release until all parties could create and then install an update.

ICS-CERT coordinated with Siemens; Siemens released a patch that addresses the vulnerabilities. ICS-CERT confirmed the Siemens patch resolves the vulnerabilities. Researcher Kuang-Chun Hung of Taiwan’s Information and Communication Security Technology Center (ICST) identified the vulnerabilities.

The Siemens Tecnomatix FactoryLink versions affected are:
• V8.0.2.54
• V7.5.217 (V7.5 SP2)
• V6.6.1 (V6.6 SP1).

Successful exploitation of the vulnerabilities could allow an attacker to perform denial of service and arbitrary code execution.

Siemens Tecnomatix FactoryLink software monitors and controls industrial processes. FactoryLink builds applications such as human-machine interface systems and sees use across a variety of industrial processes including oil and gas, chemicals, food and beverage, and building automation.

Siemens also said FactoryLink is a mature product and that it will not offer FactoryLink after December 2012.

The buffer overflow vulnerability is exploitable by passing a long string to a specific parameter, which overflows a buffer and could allow the execution of arbitrary code. CVE-2011-4055 is the assigned number for this vulnerability. Siemens’ assessment of the vulnerability using the CVSS Version 2.0 calculator rates an Overall CVSS Score of 7.7.

This vulnerability is remotely exploitable. An attacker needs to employ social engineering to convince the user to go to a manipulated website.

The data corruption vulnerability is exploitable by supplying arbitrary data, which causes a file to be saved to any specified location on the target system.

CVE-2011-4056 is the assigned number for this vulnerability. Siemens’ assessment of the vulnerability using the CVSS Version 2.0 calculator rates an Overall CVSS Score of 7.7.

This vulnerability is remotely exploitable. An attacker will need to use social engineering to execute a remote exploit via a manipulated file or web page.

Siemens released a patch to its customers to address these vulnerabilities. Customers of vulnerable versions of Siemens Tecnomatix FactoryLink should deploy the Siemens patch.

For more information, see Siemens’ Security Advisory announcement.

In addition to the patch released by Siemens, Microsoft has released a kill bit to address the ActiveX vulnerabilities. Customers of vulnerable versions of Siemens Tecnomatix FactoryLink should install the Microsoft update referenced in the Microsoft Security Advisory 2562937.
