Siemens Updates Medium Voltage SINAMICS Line

Tuesday, May 8, 2018 @ 03:05 PM gHale

Siemens has updates that mitigate improper input validation vulnerabilities in its medium voltage SINAMICS products, according to an NCCIC report.

Successful exploitation of these remotely exploitable vulnerabilities, which Siemens self-reported, could cause a denial-of-service condition that requires a manual restart of the affected devices.

These vulnerabilities affect the following products:
• SINAMICS GH150 V4.7 w. PROFINET: All versions prior to V4.7 SP5 HF7
• SINAMICS GL150 V4.7 w. PROFINET: All versions prior to V4.8 SP2
• SINAMICS GM150 V4.7 w. PROFINET: All versions prior to V4.8 SP2
• SINAMICS SL150 V4.7.0 w. PROFINET: All versions prior to V4.7 HF30
• SINAMICS SL150 V4.7.4 w. PROFINET: All versions prior to V4.8 SP2
• SINAMICS SL150 V4.7.5 w. PROFINET: All versions prior to V4.8 SP2
• SINAMICS SM120 V4.7 w. PROFINET: All versions prior to V4.8 SP2
• SINAMICS SM150 V4.7 w. SIMOTION and PROFINET: All versions

In one vulnerability, specially crafted packets sent to Port 161/UDP could cause a denial-of-service condition. The affected devices must then be restarted manually.

CVE-2017-12741 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.5.

In addition, specially crafted PROFINET DCP broadcast packets could cause a denial-of-service condition of affected products on a local Ethernet segment (Layer 2). Human interaction is required to recover the systems. PROFIBUS interfaces are not affected.

CVE-2017-2680 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 6.5.

The products are used in the chemical, critical manufacturing, energy, food and agriculture, and water and wastewater systems sectors, and they are deployed on a global basis.

No known public exploits specifically target these vulnerabilities. An attacker with a low skill level could exploit the vulnerabilities.

Siemens recommends users implement the following updates. These updates can be obtained from a Siemens representative or via Siemens customer service:
• SINAMICS GH150 V4.7 w. PROFINET: Update to V4.7 SP5 HF7 or upgrade to V4.8 SP2
• SINAMICS GL150 V4.7 w. PROFINET: Upgrade to V4.8 SP2
• SINAMICS GM150 V4.7 w. PROFINET: Upgrade to V4.8 SP2
• SINAMICS SL150 V4.7.0 w. PROFINET: Update to V4.7 HF30 or upgrade to V4.8 SP2
• SINAMICS SL150 V4.7.4 w. PROFINET: Upgrade to V4.8 SP2
• SINAMICS SL150 V4.7.5 w. PROFINET: Upgrade to V4.8 SP2
• SINAMICS SM120 V4.7 w. PROFINET: Upgrade to V4.8 SP2
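
A firmware triage check built from the affected-product and update lists above, as an added example that is not from Siemens, NCCIC or the original article. The inventory rows, the function names and the ordering of version strings as (major, minor, SP, HF) are assumptions; a firmware string the parser does not recognise is flagged for manual review instead of being guessed.

```python
import re
# Fixed firmware per product line, copied from the update list above.
# None = no fixed version listed (SM150): only the mitigations apply.
FIXED = {
    "SINAMICS GH150 V4.7": "V4.7 SP5 HF7",
    "SINAMICS GL150 V4.7": "V4.8 SP2",
    "SINAMICS GM150 V4.7": "V4.8 SP2",
    "SINAMICS SL150 V4.7.0": "V4.7 HF30",
    "SINAMICS SL150 V4.7.4": "V4.8 SP2",
    "SINAMICS SL150 V4.7.5": "V4.8 SP2",
    "SINAMICS SM120 V4.7": "V4.8 SP2",
    "SINAMICS SM150 V4.7": None,
}
VERSION_RE = re.compile(r"^V(\d+)\.(\d+)(?:\s+SP(\d+))?(?:\s+HF(\d+))?$")

def parse_version(text):
    """'V4.7 SP5 HF7' -> (4, 7, 5, 7); a missing SP or HF counts as 0."""
    m = VERSION_RE.match(text.strip())
    if m is None:
        raise ValueError(f"unrecognised firmware string: {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def triage(line, installed):
    """Classify one drive: update, ok, mitigate-only, review or unknown-product."""
    if line not in FIXED:
        return "unknown-product"
    if FIXED[line] is None:
        return "mitigate-only"
    try:
        have = parse_version(installed)
    except ValueError:
        return "review"  # do not guess; check the device by hand
    # Assumption: releases order as (major, minor, SP, HF).
    return "update" if have < parse_version(FIXED[line]) else "ok"

# Constructed inventory rows (asset tag, product line, installed firmware).
INVENTORY = [
    ("drive-01", "SINAMICS GH150 V4.7", "V4.7 SP5 HF6"),
    ("drive-02", "SINAMICS SL150 V4.7.0", "V4.7 HF30"),
    ("drive-03", "SINAMICS GL150 V4.7", "V4.8 SP1"),
    ("drive-04", "SINAMICS SM150 V4.7", "V4.7 SP3"),
    ("drive-05", "SINAMICS SM120 V4.7", "4.7sp1"),
]

def report(inventory):
    return {tag: triage(line, fw) for tag, line, fw in inventory}

if __name__ == "__main__":
    for tag, status in report(INVENTORY).items():
        print(f"{tag}: {status}")
```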

Siemens has identified the following specific workarounds and mitigations users can apply to SINAMICS SM150 V4.7 w. SIMOTION and PROFINET (all versions) to reduce the risk:
1. Apply cell protection concept and implement Defense-in-Depth
2. Protect network access to Port 161/UDP of affected devices
3. Use VPN for protecting network communication between cells

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens’ operational guidelines for Industrial Security, and following the recommendations in the product manuals.

For more information on these vulnerabilities and associated mitigation practices, see Siemens security advisory SSA-546832.


