Siemens Updates glibc Library Fix

Friday, September 30, 2016 @ 01:09 PM gHale

Siemens updated an advisory related to a buffer overflow vulnerability in the glibc library first published in July, according to a report with ICS-CERT.

Siemens created updates to mitigate this vulnerability in ROX II, APE devices, SINEMA Remote Connect, Basic RT V13, and SCALANCE M-800/S615.

American Auto-Matrix Mitigates Holes
Siemens Clears SCALANCE Vulnerability
Moxa Fixes Active OPC Server Issue
BINOM3 Power Quality Meter Holes

Exploits that target this remotely exploitable vulnerability are publicly available.

Siemens reports that the vulnerability affects the following products:
• ROX II: V2.3.0-V2.9.0 (inclusive)
• APE (Linux): All versions
• SINEMA Remote Connect: All versions prior to Version 1.2
• SCALANCE M-800/S615: All versions prior to version 4.02
• Basic RT V13: All versions prior to V13 SP1 Update 9

An attacker who successfully exploits this vulnerability may be able to cause a denial-of-service condition in the affected devices or possibly execute arbitrary code.

Siemens is a multinational company headquartered in Munich, Germany.

Siemens ROX-based devices connect devices that operate in harsh environments such as electric utility substations and traffic control cabinets. RUGGEDCOM APE is a utility-grade computing platform that plugs directly into any member of the RUGGEDCOM RX1500 family and makes it possible to run third-party software applications without an external industrial PC. SINEMA Remote Connect is a management platform for remote networks allowing users to manage and maintain tunnel connections (VPN) between networks, machines, and sites. SCALANCE security modules provide filtering of incoming and outgoing network connections with stateful packet inspection.

The affected devices see action across several sectors including chemical, communications, critical manufacturing, dams, energy, food and agriculture, government facilities, healthcare and public health, transportation systems, and water and wastewater systems. These products see use globally.

There is a stack-based buffer overflow vulnerability in the glibc library’s DNS client side resolver.

CVE-2015-7547 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 8.1.

Crafting a working exploit for this vulnerability would be difficult.

Siemens provides updates for the following products and encourages customers to update their products:
• ROX II: Update to version 2.9.1:
— Submit a support request online
— Call a local hotline center
• APE (Linux): Follow update process provided in the corresponding application note
• Basic RT V13: Update to Version V13 SP 1 Update 9           
• SINEMA Remote Connect software update for Version 1.2
• SCALANCE M-800/S615: Update to V4.02

Siemens recommends applying the following mitigations until the user can apply patches:
• Disable use of DNS on affected devices if possible
• Use trusted DNS servers, trusted networks/providers, and known trusted DNS domains in device configuration

• Limit size of DNS responses to 512 bytes for UDP messages, and 1024 bytes for TCP messages on network border

As a general security measure, Siemens recommends to protect network access to nonperimeter devices with appropriate mechanisms. It is advised to configure the environment according to Siemens operational guidelines in order to run the devices in a protected IT environment.

For more information on this vulnerability and more detailed mitigation instructions, click on Siemens Security Advisory SSA-301706.