Siemens Fixes DoS Vulnerability

Wednesday, October 26, 2016 @ 12:10 PM gHale

Siemens created a firmware update to mitigate a denial-of-service (DoS) vulnerability in its SICAM products, according to a report from ICS-CERT.

This vulnerability, discovered by Adam Crain of Automatak LLC, is remotely exploitable.


Siemens reports the vulnerability affects the following versions of SICAM:
ETA4 firmware (all versions prior to Revision 08) of the SM-2558 extension module for:
• SICAM TM 1703
• SICAM BC 1703

ETA2 firmware (Revision 11.01 and earlier) of the SM-2556 extension module for:

Successful exploitation of this vulnerability could cause a denial of service. A cold start might be required to recover the system.

Siemens is a multinational company headquartered in Munich, Germany.

The affected products, SM-2558 and SM-2556, are communication modules used to connect networked industrial components. The SM-2558 and SM-2556 communication modules see action across several sectors including chemical, critical manufacturing, and government facilities. Siemens estimates these products see use worldwide.

Specially crafted packets sent to Port 2404/TCP could cause the affected device to go into defect mode. A cold start might be required to recover the system.

CVE-2016-7987 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.5.

No known public exploits specifically target this vulnerability. However, an attacker with a low skill level would be able to exploit it.

Siemens provides firmware ETA4 Revision 08 for SM-2558 that fixes the vulnerability and recommends customers update to the fixed version.

For the SM-2556 extension module, Siemens recommends customers email the support center.

Until a user can apply the patches, Siemens advises applying the following steps to mitigate the risk:
• Use a firewall or the IPsec functionality of the SM-2558 module to restrict access to Port 2404/TCP
• Always run RTUs in trusted networks
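As an added example (not from Siemens' advisory or this article), here is how a defender could implement the first interim mitigation on a network firewall and then monitor its logs: a generated nftables ruleset that permits TCP/2404 to the RTU only from listed SCADA masters, plus a parser for iptables-style LOG lines that flags any other source attempting to reach the port. The IP addresses, table name, log format and sample log lines are constructed assumptions.

```python
"""Allowlisting and monitoring of IEC 60870-5-104 (TCP/2404) traffic to an RTU
communication module as an interim control until fixed firmware is applied.
Example code only; the addresses, nftables table name and iptables-style LOG
line format are assumptions, not Siemens' own tooling."""
import re

IEC104_PORT = 2404

# Fields of an iptables/nftables "LOG" syslog line that matter here.
_LOG_RE = re.compile(r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) .*?PROTO=TCP .*?DPT=(?P<dpt>\d+)")


def nft_allowlist(rtu_ip, trusted_masters):
    """Return an nftables ruleset that logs every TCP/2404 attempt towards the
    RTU, accepts it only from the listed SCADA masters, and drops the rest."""
    masters = ", ".join(trusted_masters)
    return "\n".join([
        "table inet rtu_guard {",
        "  chain forward {",
        "    type filter hook forward priority 0; policy accept;",
        f'    ip daddr {rtu_ip} tcp dport {IEC104_PORT} log prefix "IEC104 "',
        f"    ip daddr {rtu_ip} tcp dport {IEC104_PORT} ip saddr {{ {masters} }} accept",
        f"    ip daddr {rtu_ip} tcp dport {IEC104_PORT} drop",
        "  }",
        "}",
    ])


def untrusted_iec104_sources(log_lines, trusted_masters):
    """Scan firewall log lines and return (src, dst) pairs for TCP/2404
    connection attempts that did not originate from a trusted master."""
    hits = []
    for line in log_lines:
        m = _LOG_RE.search(line)
        if m and int(m.group("dpt")) == IEC104_PORT and m.group("src") not in trusted_masters:
            hits.append((m.group("src"), m.group("dst")))
    return hits


# Constructed sample data: one RTU and two trusted control-centre masters.
RTU = "10.0.5.20"
MASTERS = ["10.0.1.10", "10.0.1.11"]
SAMPLE_LOG = [
    "Oct 26 12:10:01 fw kernel: IEC104 IN=eth1 OUT=eth2 SRC=10.0.1.10 DST=10.0.5.20 PROTO=TCP SPT=51000 DPT=2404",
    "Oct 26 12:10:02 fw kernel: IEC104 IN=eth1 OUT=eth2 SRC=192.168.77.5 DST=10.0.5.20 PROTO=TCP SPT=44123 DPT=2404",
    "Oct 26 12:10:03 fw kernel: IEC104 IN=eth1 OUT=eth2 SRC=192.168.77.5 DST=10.0.5.20 PROTO=TCP SPT=44124 DPT=22",
]

if __name__ == "__main__":
    print(nft_allowlist(RTU, MASTERS))
    print(untrusted_iec104_sources(SAMPLE_LOG, MASTERS))  # [('192.168.77.5', '10.0.5.20')]
```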

As a general security measure, Siemens recommends protecting network access with appropriate mechanisms (e.g., firewalls, segmentation, VPN). It also advises configuring the environment according to Siemens' operational guidelines in order to run the devices in a protected IT environment.

Siemens also recommends following its security guidelines for securing a substation.

For more information on this vulnerability and more detailed mitigation instructions, please see Siemens Security Advisory SSA-296574.
