Siemens Fixes SIMATIC Panels, SIMATIC WinCC

Tuesday, November 13, 2018 @ 08:11 PM gHale

Siemens has updates available to handle a code injection vulnerability in its SIMATIC Panels and SIMATIC WinCC (TIA Portal), according to a report with NCCIC.

Successful exploitation of this remotely exploitable vulnerability, which Siemens self-reported, could allow an attacker with network access to the web server to perform a HTTP header injection attack.

RELATED STORIES
Siemens Mitigates Hole in S7-400 CPUs
Siemens Clears Improper Access Control Hole
Roche Updates Point of Care Fix
Philips Security Plan for iSite, IntelliSpace PACS
Fr. Sauter Fix for CASE Suite

Siemens reports the vulnerability affects the following versions of SIMATIC Panel software and SIMATIC WinCC (TIA Portal):
• SIMATIC HMI Comfort Panels 4″ – 22″: All versions prior to v14
• SIMATIC HMI Comfort Outdoor Panels 7″ and 15″: All versions prior to v14
• SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F: All versions prior to v14
• SIMATIC WinCC Runtime Advanced: All versions prior to v14
• SIMATIC WinCC Runtime Professional: All versions prior to v14
• SIMATIC WinCC (TIA Portal): All versions prior to v14
• SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel): All versions

The integrated web server (Port 80/TCP and Port 443/TCP) of the affected devices could allow an attacker to inject HTTP headers.

An attacker must trick a valid user who is authenticated to the device into clicking on a malicious link to exploit the vulnerability.

CVE-2018-13814 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 4.3.

The product sees use in the chemical, energy, food and agriculture, and water and wastewater systems sectors. It also sees action on a global basis.

No known public exploits specifically target this vulnerability. However, an attacker with low skill level could leverage the vulnerabilities.

Siemens has provided an update for the following products to fix the vulnerability.
• SIMATIC HMI Comfort Panels 4″ – 22″: Update SIMATIC WinCC (TIA Portal) to v15 Update 4 or newer, and then update panel to v15 Update 4 or newer
• SIMATIC HMI Comfort Outdoor Panels 7″ & 15″: Update SIMATIC WinCC (TIA Portal) to v15 Update 4 or newer, and then update panel to v15 Update 4 or newer
• SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F: Update SIMATIC WinCC (TIA Portal) to v15 Update 4 or newer, and then update panel to v15 Update 4 or newer
• SIMATIC WinCC Runtime Advanced: Update to v15 Update 4 or newer
• SIMATIC WinCC Runtime Professional: Update to v15 Update 4 or newer
• SIMATIC WinCC (TIA Portal): Update to v15 Update 4 or newer
• SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel): Restrict network access to the integrated web server and deactivate the web server if not required. The web server is disabled by default

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens’ operational guidelines for industrial security, and following the recommendations in the product manuals.

Click here for additional information on industrial security by Siemens.

For more information on this vulnerability and associated software updates, please see Siemens security advisory SSA-944083.



Leave a Reply

You must be logged in to post a comment.