Siemens Updates OPC Vulnerability

Tuesday, October 3, 2017 @ 03:10 PM gHale

Siemens updated a fix for an improper restriction of XML external entity reference vulnerability in its industrial products using the Discovery Service of the OPC UA protocol stack by the OPC foundation, according to a report from ICS-CERT.

This updated advisory is a follow-up to the original advisory that went out August 31. Sergey Temnikov of Kaspersky Lab reported this vulnerability to Siemens.


The remotely exploitable vulnerability affects the following industrial products, which use the Discovery Service of the OPC UA protocol stack by the OPC foundation:
  V8.0: All versions
  V8.1: All versions
  V7.2: All versions
• SIMATIC WinCC Runtime Professional:
  V13: All versions
  V14: All versions prior to V14 SP1
• SIMATIC NET PC Software: All versions
• SIMATIC IT Production Suite: All versions prior to V6.5

Successful exploitation of this vulnerability may allow an attacker to access various resources.

No known public exploits specifically target this vulnerability. However, an attacker with low skill level could leverage the vulnerability.

By sending specially crafted packets to the OPC Discovery Server at Port 4840/TCP, an attacker might cause the system to access various resources chosen by the attacker.
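To make the vulnerability class concrete, here is an added example (not Siemens or OPC Foundation code) of how an XML-consuming service can refuse the DOCTYPE and entity constructs an XXE attempt depends on, so the parser never reaches out to attacker-chosen resources. The two sample messages are constructed for illustration and do not reproduce the OPC UA wire format; the resource path in the second is a placeholder.

```python
import xml.parsers.expat


class UnsafeXMLError(ValueError):
    """Raised when a document uses constructs an XXE attempt relies on."""


def parse_no_xxe(data: bytes) -> dict:
    """Parse XML while refusing any DOCTYPE, entity declaration or
    external entity reference. Returns the root tag and text content
    so the caller can see what a hardened parser still accepts."""
    parser = xml.parsers.expat.ParserCreate()
    out = {"root": None, "text": []}

    def reject_doctype(name, sysid, pubid, has_internal_subset):
        raise UnsafeXMLError("DOCTYPE declarations are not accepted")

    def reject_entity_decl(*_args):
        raise UnsafeXMLError("entity declarations are not accepted")

    def reject_external_ref(context, base, system_id, public_id):
        # Never fetch: the external entity is the attacker-chosen resource
        raise UnsafeXMLError("external entity refused: %r" % system_id)

    def on_start(name, attrs):
        if out["root"] is None:
            out["root"] = name

    parser.StartDoctypeDeclHandler = reject_doctype
    parser.EntityDeclHandler = reject_entity_decl
    parser.ExternalEntityRefHandler = reject_external_ref
    parser.StartElementHandler = on_start
    parser.CharacterDataHandler = out["text"].append
    parser.Parse(data, True)  # exceptions raised in handlers propagate here
    return {"root": out["root"], "text": "".join(out["text"]).strip()}


def accepts(data: bytes) -> bool:
    """True if the hardened parser accepts the document, False if it refuses it."""
    try:
        parse_no_xxe(data)
        return True
    except (UnsafeXMLError, xml.parsers.expat.ExpatError):
        return False


# Constructed samples (not the OPC UA wire format): a plain request, and one
# carrying the DOCTYPE/external-entity shape an XXE attempt needs.
BENIGN_MSG = b"<Request><EndpointUrl>opc.tcp://server.example:4840</EndpointUrl></Request>"
XXE_ATTEMPT = b'<!DOCTYPE r [<!ENTITY ext SYSTEM "file:///PLACEHOLDER">]><Request>&ext;</Request>'
```

The benign message parses normally, while the second is refused at the DOCTYPE before any entity could be resolved.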

CVE-2017-12069 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 8.2.

The product sees use in the chemical, energy, food and agriculture, and water and wastewater systems sectors, and is deployed globally.

Siemens provides fixes for the following products and recommends users upgrade to the newest version:
  All affected versions: Follow FAQ
  All versions: Follow FAQ to turn off the service after commissioning
• SIMATIC WinCC Runtime Professional:
  Update to V14 SP1
  All other versions: Follow FAQ to turn off the service after commissioning
• SIMATIC NET PC Software:
  Follow FAQ to turn off the service after commissioning

Siemens is preparing further updates and recommends the following mitigations in the meantime:
• Turn off the Discovery Service or block it on the local firewall
• Apply cell protection concept
• Use VPN for protecting network communication between cells
• Apply Defense in Depth

Siemens recommends users protect network access with appropriate mechanisms such as firewalls, segmentation, and VPNs. Siemens also advises that users configure the operational environment according to Siemens’ Operational Guidelines for Industrial Security.

For more information on this vulnerability and more detailed mitigation instructions, please see Siemens Security Advisory SSA-535640.

The OPC Foundation also published a security bulletin for this vulnerability.
