Siemens Clears SIMATIC S7 Vulnerability

Wednesday, November 14, 2018 @ 09:11 AM gHale

Siemens has released a new version to address a resource exhaustion vulnerability in its SIMATIC S7, according to a report from NCCIC.

Successful exploitation of this remotely exploitable vulnerability, discovered by Younes Dragoni of Nozomi Networks, could cause a denial-of-service condition, resulting in a loss of availability of the affected device.


Siemens said the following SIMATIC S7 products are affected:
• SIMATIC S7-1200: All versions
• SIMATIC S7-1500: All versions prior to 2.6

In the vulnerability, an attacker could exhaust the available connection pool of an affected device by opening a sufficient number of connections to the device. Successful exploitation requires an attacker to be able to send packets to Port 102/TCP of the affected device.

CVE-2018-13815 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 5.3.

The product sees use in the chemical, critical manufacturing, energy, food and agriculture, and water and wastewater systems sectors. It is also used worldwide.

No known public exploits specifically target this vulnerability. However, an attacker with a low skill level could leverage the vulnerability.

Siemens recommends users of SIMATIC S7-1500 update to Version 2.6.

Siemens has identified the following specific workarounds and mitigations users can apply to reduce the risk:
• Protect network access to Port 102/TCP of affected devices
• Apply cell-protection concept
• Apply defense-in-depth
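
One way to check that access to Port 102/TCP is actually restricted, and to spot connections piling up on a device, is to audit connection logs. The following is an added example, not code from Siemens or the NCCIC report; the log format, IP addresses, allowlist and threshold of 3 are constructed assumptions, since the advisory does not state the device's connection limit.

```python
from collections import defaultdict

S7_PORT = 102  # TCP port named in the advisory

# Constructed sample events: "<epoch> <OPEN|CLOSE> <src_ip>:<port> <dst_ip>:<port>"
SAMPLE_EVENTS = """\
1000 OPEN 10.0.1.10:50001 10.0.5.20:102
1001 OPEN 10.0.1.10:50002 10.0.5.20:102
1002 CLOSE 10.0.1.10:50001 10.0.5.20:102
1003 OPEN 10.0.9.99:40001 10.0.5.20:102
1004 OPEN 10.0.9.99:40002 10.0.5.20:102
1005 OPEN 10.0.9.99:40003 10.0.5.20:102
1006 OPEN 10.0.9.99:40004 10.0.5.20:443
1007 OPEN 10.0.9.99:40005 10.0.5.20:102
"""

def split_endpoint(endpoint):
    host, _, port = endpoint.rpartition(":")
    return host, int(port)

def audit_s7_connections(lines, allowed_sources, max_concurrent):
    """Return alerts as (timestamp, kind, plc_ip, detail) tuples."""
    open_conns = defaultdict(set)  # plc_ip -> {(src_ip, src_port)} currently open
    alerts = []
    for line in lines:
        fields = line.split()
        if len(fields) != 4:
            continue  # skip blank or malformed records
        ts, event, src, dst = fields
        (src_ip, src_port), (dst_ip, dst_port) = split_endpoint(src), split_endpoint(dst)
        if dst_port != S7_PORT:
            continue  # only traffic to Port 102/TCP is relevant here
        if event == "CLOSE":
            open_conns[dst_ip].discard((src_ip, src_port))
            continue
        if event != "OPEN":
            continue
        already_over = len(open_conns[dst_ip]) > max_concurrent
        open_conns[dst_ip].add((src_ip, src_port))
        if src_ip not in allowed_sources:  # source outside the protected cell
            alerts.append((int(ts), "unexpected-source", dst_ip, src_ip))
        count = len(open_conns[dst_ip])
        if count > max_concurrent and not already_over:  # alert once per buildup
            alerts.append((int(ts), "connection-buildup", dst_ip, count))
    return alerts

if __name__ == "__main__":
    for alert in audit_s7_connections(SAMPLE_EVENTS.splitlines(), {"10.0.1.10"}, 3):
        print(alert)
```

In practice the threshold would be set from the normal number of engineering-station and HMI connections observed for each device.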

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens’ operational guidelines for industrial security, and following the recommendations in the product manuals.


For more information on this vulnerability and associated software updates, please see Siemens security advisory SSA-584286.
