Siemens Fixes Intel-based Hole

Thursday, June 29, 2017 @ 03:06 PM gHale

Siemens updated its firmware to mitigate a permissions, privileges and access controls vulnerability in its SIMATIC Industrial PCs, SINUMERIK Panel Control Unit (PCU), and SIMOTION P320 products, according to a report with ICS-CERT.

The vulnerability is remotely exploitable and lets an attacker gain system privileges. It was discovered by Maksim Malyutin from Embedi, who reported the issue to Intel.


Siemens said the vulnerability affects Siemens Industrial products which use Intel processors (Intel Core i5, Intel Core i7 and Intel XEON):
• SIMATIC Industrial PCs
• SINUMERIK Panel Control Unit (PCU)

See Siemens Security Advisory SSA-874235 for the full list of affected versions.

No known public exploits specifically target this vulnerability. However, an attacker with a low skill level would be able to leverage the vulnerability.

Unprivileged local or remote attackers can gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology (AMT), Intel Standard Manageability (ISM) and Intel Small Business Technology (SBT).

CVE-2017-5689 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 9.8.

The product sees use in the chemical, commercial facilities, critical manufacturing, energy, food and agriculture, and water and wastewater systems sectors. It is also used worldwide.

Siemens has provided firmware updates for the various industrial PCs to address this vulnerability.

Siemens is working on updates for the remaining products, and recommends users implement the following mitigations:
• Ensure that AMT is set to “un-configured” in the BIOS-Setup.
1. The manufacturer settings for “iAMT” in the BIOS-Setup should always be “unconfigured” and “disabled”.
2. To un-configure iAMT please go into BIOS-Setup “Advanced->Active Management Technology Support” and set the variable “Un-configure” to , save the changes with F10. Afterwards reboot and verify that iAMT is un-configured and reset.
• Protect network access to Ports 16992/TCP, 16993/TCP, 16994/TCP, 16995/TCP, 623/TCP, and 664/TCP.
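One way to check that the port restriction above holds is to review firewall logs for connections to those ports from outside the management network. The following is an added example, not code from Siemens, Intel or ICS-CERT; the netfilter-style log lines are constructed, and the allowed subnet 10.10.99.0/24 and all addresses are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# TCP ports named in the mitigation list above (Intel manageability interfaces).
AMT_PORTS = {16992, 16993, 16994, 16995, 623, 664}
# Assumption: the only subnet permitted to reach those ports (hypothetical value).
ALLOWED_SOURCES = [ipaddress.ip_network("10.10.99.0/24")]
FIELD = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")

# Constructed sample lines in netfilter LOG style; not taken from a real system.
SAMPLE_LOG = """\
Jun 29 15:06:01 gw kernel: FWD IN=eth0 OUT=eth1 SRC=10.10.99.5 DST=192.168.10.20 PROTO=TCP SPT=51000 DPT=16992
Jun 29 15:06:07 gw kernel: FWD IN=eth2 OUT=eth1 SRC=192.168.10.77 DST=192.168.10.20 PROTO=TCP SPT=40112 DPT=16992
Jun 29 15:06:09 gw kernel: FWD IN=eth0 OUT=eth1 SRC=172.16.4.9 DST=192.168.10.21 PROTO=TCP SPT=33871 DPT=623
Jun 29 15:06:10 gw kernel: FWD IN=eth0 OUT=eth1 SRC=172.16.4.9 DST=192.168.10.21 PROTO=TCP SPT=33872 DPT=443
Jun 29 15:06:11 gw kernel: FWD IN=eth0 OUT=eth1 SRC=172.16.4.9 DST=192.168.10.21 PROTO=UDP SPT=33873 DPT=623
Jun 29 15:06:12 gw kernel: FWD IN=eth0 OUT=eth1 SRC=172.16.4.9 DST=192.168.10.21 PROTO=ICMP TYPE=8 CODE=0
Jun 29 15:06:15 gw kernel: FWD IN=eth2 OUT=eth1 SRC=192.168.10.77 DST=192.168.10.20 PROTO=TCP SPT=40113 DPT=16993
"""

def find_violations(log_text, allowed=ALLOWED_SOURCES):
    """Map each destination host to the sorted (source, port) pairs that reached
    a manageability TCP port from outside the allowed management networks."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        # Skip lines without the needed fields (e.g. ICMP) and non-TCP traffic.
        if not {"SRC", "DST", "PROTO", "DPT"}.issubset(fields) or fields["PROTO"] != "TCP":
            continue
        if not fields["DPT"].isdigit() or int(fields["DPT"]) not in AMT_PORTS:
            continue
        try:
            src = ipaddress.ip_address(fields["SRC"])
        except ValueError:
            continue  # malformed source address: ignore the line
        if any(src in net for net in allowed):
            continue  # expected traffic from the management subnet
        hits[fields["DST"]].add((fields["SRC"], int(fields["DPT"])))
    return {dst: sorted(pairs) for dst, pairs in hits.items()}

if __name__ == "__main__":
    for dst, pairs in find_violations(SAMPLE_LOG).items():
        print(dst, pairs)
```

Any destination that appears in the result is receiving manageability-port traffic that the firewall policy should have dropped.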

Munich, Germany-based Siemens recommends users protect network access to the non-perimeter industrial products with appropriate mechanisms. Siemens also advises that users configure the operational environment according to Siemens’ Operational Guidelines for Industrial Security.

For a more specific list of affected products and more detailed mitigation instructions, please see Siemens Security Advisory SSA-874235.

For more information about this vulnerability, please see Intel Security Advisory – INTEL-SA-00075.
