Siemens Working out GHOST Vulnerability

Monday, March 9, 2015 @ 06:03 PM gHale

The “GHOST” vulnerability in the glibc library affects the Siemens SINUMERIK and SIMATIC HMI Basic applications, according to a report on ICS-CERT.

Siemens created an update for SINUMERIK that mitigates this vulnerability, but the automation giant is still working on an update for SIMATIC.


The following SINUMERIK and SIMATIC HMI Basic versions suffer from the issue:
• SINUMERIK 808D, 828D, 840D sl, all versions up to 4.7
• SIMATIC HMI Basic Panels 2nd Generation

The following Ruggedcom APE versions are not vulnerable in their default configuration, but can become exploitable depending on components installed and user configuration:
• Ruggedcom APE: APE1402-XX, APE1402-C01, APE1404-XX, APE1404-C01, all versions.

An authenticated local user could cause a denial of service of the targeted system by exploiting this vulnerability.

Siemens is a multinational company headquartered in Munich, Germany.

The affected products, SINUMERIK, SIMATIC HMI Basic, and Ruggedcom, serve as an interface between operators and corresponding systems and can run third-party components. These products see action across several sectors, including chemical, energy, food and agriculture, and water and wastewater systems. Siemens estimated these products see use primarily in the United States and Europe, with a small percentage in Asia.

Incorrect parsing within the glibc library functions “gethostbyname()” and “gethostbyname2()” could cause a denial of service of the targeted system.

CVE-2015-0235 is the case number assigned to this vulnerability, which has a CVSS v2 base score of 4.6.

In order to exploit the SINUMERIK and SIMATIC HMI Basic products, an attacker would first need to have authenticated local access to the device(s).

To exploit the Ruggedcom APE product an attacker would need to be able to influence parameters passed to the vulnerable functions. This is only possible if the user installed components that utilize the vulnerable functions and that are accessible to the attacker.

No known public exploits specifically target these products. However, public exploits for the “GHOST” vulnerability do exist.

An attacker with local access and low skill would be able to exploit this vulnerability.

Click here to view the Siemens security advisory SSA-994726.

Siemens has provided updates for the following products and encourages customers to upgrade the products to the newest version:
• SINUMERIK Controllers – Contact your local Siemens account manager for the update.
    • For Version V2.7: update to V2.7 SP4 Hotfix 3
    • For Version V4.5: update to V4.5 SP4 Hotfix 4
    • For Version V4.7: update to V4.7 SP1
• Ruggedcom APE: APE1402-XX, APE1402-C01, APE1404-XX, APE1404-C01, All versions. Click here for upgrade information.
• SIMATIC HMI Basic Panels 2nd Generation

As soon as an update is available, Siemens will provide the information and update their security advisory SSA-994726.

One Response to “Siemens Working out GHOST Vulnerability”

  1. […] Earlier this week security updates were made available by Siemens for its Simatic products (Industrial Data Network Controllers) to resolve an issue in the GNU C library that was reported in January this year. Updates were already available for its Ruggedcom (industrial routers) and its SINUMERIK controllers in March. These products are deployed in industrial sectors to provide data networking capabilities within large production lines and processing facilities e.g. water treatment. […]
