Siemens Clears SIMATIC Hole

Thursday, June 22, 2017 @ 05:06 PM gHale

Siemens released firmware to mitigate an improper authentication vulnerability in its SIMATIC CP 44x-1 Redundant Network Access (RNA) modules, according to a report from ICS-CERT.

The following versions of the SIMATIC CP 44x-1 RNA, which connects SIMATIC S7-400 CPUs to Industrial Ethernet, suffer from the issue: SIMATIC CP 44x-1 RNA, all versions prior to Version 1.4.1.

Successful exploitation of this remotely exploitable vulnerability, which Siemens self-reported, may allow an unauthenticated remote attacker to perform administrative actions under certain conditions.

No known public exploits specifically target this vulnerability. However, an attacker with a low skill level would be able to leverage the vulnerability.

An unauthenticated remote attacker may be able to perform administrative actions on the Communication Process (CP) of the RNA series module, if network access to Port 102/TCP is available and the configuration file for the CP is stored on the RNA’s CPU.

CVE-2017-6868 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 9.8.

The product sees use in the chemical, critical manufacturing, and food and agriculture sectors, and it is deployed on a global basis.

Munich, Germany-based Siemens released a firmware update, Version 1.4.1, for the SIMATIC CP 44x-1 RNA modules that fixes the vulnerability.

Siemens recommends users apply the firmware update.

Siemens recommends users apply the following mitigations until the firmware update can be applied:
• Apply cell protection concept
• Use VPN for protecting network communication between cells
• Apply Defense-in-Depth
