Mitigation for Siemens Comm Modules

Tuesday, March 26, 2013 @ 07:03 AM gHale

Siemens has mitigation details for a vulnerability that impacts the Siemens CP 1604 and CP 1616 communication modules, according to a report on ICS-CERT.

Siemens has identified a remotely exploitable vulnerability in the debugging interface of the CP 1604 and CP 1616 communications modules. Independent researchers Christopher Scheuring and Jürgen Bilberger from Daimler TSS GmbH coordinated disclosure of the vulnerability with Siemens.


These products connect PCI-104 systems to PROFINET IO. By default, the debugging interface remains enabled and allows remote access on both devices. This remote access could lead to compromise of the system through denial of service (DoS), remote code execution, and loss of confidentiality. Siemens created a firmware update to mitigate the vulnerability.

The following products suffer from the issue:
• CP 1604 and CP 1604 Microbox package (versions prior to 2.5.2), and
• CP 1604 and CP 1616 Onboard card of SIMATIC IPCs (versions prior to 2.5.2).

The CP 1604 and CP 1616 interface cards have a debugging interface that is enabled by default and remotely accessible. By exploiting this vulnerability, an attacker can cause a DoS, remote code execution, and loss of confidentiality on the installed system. This could affect systems in the critical manufacturing, energy, and other sectors.

The affected products, CP 1604 and CP 1616, integrate communications to the PROFINET IO. According to Siemens, these devices work across several sectors including critical manufacturing, oil and gas, electric utilities, and others. Siemens said these products are in use worldwide.

The CP 1604 and CP 1616 interface cards connect desktop workstations and PCI-104 systems to PROFINET IO. The firmware’s debugging interface ends up enabled by default, giving remote access to the debugging ports. By sending a specially crafted packet to Port 17185/UDP, an attacker could cause a DoS or execute arbitrary code.

CVE-2013-0659 is the number assigned to this vulnerability, which has a CVSS v2 base score of 10.0.

An attacker with a low skill level would be able to exploit this vulnerability.

Siemens produced a firmware update to mitigate the vulnerability.
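Two defender-side checks that follow from the advisory as reported above, written as an added example (not code from the article, ICS-CERT or Siemens): flagging CP 1604 / CP 1616 firmware older than 2.5.2, and triaging firewall logs for UDP traffic to the debugging port 17185. The key=value log format, host addresses and version strings below are constructed assumptions for illustration.

```python
import re

FIXED_VERSION = (2, 5, 2)   # first firmware version carrying the Siemens fix (per the advisory)
DEBUG_PORT = 17185          # debugging interface port named in the advisory, UDP

def parse_version(version):
    """'V2.4.1' or '2.4.1' -> (2, 4, 1); tuple compare avoids '2.10' < '2.5' string bugs."""
    return tuple(int(part) for part in version.lstrip("Vv").split("."))

def is_affected(version):
    """True when a CP 1604 / CP 1616 firmware version is older than 2.5.2."""
    return parse_version(version) < FIXED_VERSION

# Assumed (constructed) firewall log shape: "... proto=udp src=A dst=B dport=N ..."
LOG_LINE = re.compile(
    r"proto=(?P<proto>\w+)\s+src=(?P<src>[\d.]+)\s+dst=(?P<dst>[\d.]+)\s+dport=(?P<dport>\d+)"
)

def find_debug_port_hits(lines, cp_hosts):
    """Return (src, dst) pairs for UDP datagrams aimed at port 17185 on known CP modules.

    cp_hosts is the defender's own inventory of CP 1604 / CP 1616 addresses; anything
    else talking to 17185/UDP is ignored so the triage stays focused on the affected devices.
    """
    hits = []
    for line in lines:
        match = LOG_LINE.search(line)
        if match is None:
            continue  # unrelated or malformed record
        if (match["proto"].lower() == "udp"
                and int(match["dport"]) == DEBUG_PORT
                and match["dst"] in cp_hosts):
            hits.append((match["src"], match["dst"]))
    return hits

# Constructed sample data: an asset list and a handful of log records.
CP_INVENTORY = {"10.20.0.11": "V2.4.1", "10.20.0.12": "V2.5.2"}
SAMPLE_LOG = [
    "2013-03-26T07:03:00Z fw1 ACCEPT proto=udp src=10.9.1.5 dst=10.20.0.11 dport=17185",
    "2013-03-26T07:03:01Z fw1 ACCEPT proto=tcp src=10.9.1.5 dst=10.20.0.11 dport=17185",
    "2013-03-26T07:03:02Z fw1 ACCEPT proto=udp src=10.9.1.7 dst=10.30.0.50 dport=17185",
    "2013-03-26T07:03:03Z fw1 ACCEPT proto=udp src=10.9.1.9 dst=10.20.0.12 dport=34964",
]

def report():
    """Unpatched modules plus any observed hits on their debugging port."""
    unpatched = sorted(h for h, v in CP_INVENTORY.items() if is_affected(v))
    return unpatched, find_debug_port_hits(SAMPLE_LOG, set(CP_INVENTORY))

if __name__ == "__main__":
    print(report())
```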

Also, here is the Siemens Security Advisory.
