Siemens Fixes SIMATIC S7-1500 CPU Hole

Friday, August 15, 2014 @ 01:08 PM gHale

Siemens created new firmware that mitigates a denial-of-service (DoS) vulnerability in the SIMATIC S7-1500 CPU, according to an ICS-CERT report.

Arnaud Ebalard from Agence Nationale de la Sécurité des Systèmes d’Information (ANSSI) discovered the remotely exploitable vulnerability.

All SIMATIC S7-1500 CPU versions before V1.6 suffer from the issue.

A successful exploit of this vulnerability will cause the CPU to automatically restart and remain in “STOP” mode. An operator would then need to manually switch the CPU back to “RUN” mode to restore operations.

Siemens is a multinational company headquartered in Munich, Germany.

Products in the Siemens SIMATIC S7-1500 PLC family are for discrete and continuous control in industrial environments such as manufacturing, food and beverages, and chemical industries worldwide.

Specially crafted TCP packets could cause a DoS of the device if sent in a specific order. CVE-2014-5074 is the case number assigned to this vulnerability, which has a CVSS v2 base score of 7.1.

No known public exploits specifically target this vulnerability. However, an attacker with moderate skill would be able to exploit it.

Siemens has made the firmware update for S7-1500 V1.6 available.

Siemens recommends running the affected software components in a protected network environment and configuring the environment according to operational guidelines.

For more information regarding this issue (SSA-310688) or any other security issue involving Siemens products, please see the Siemens ProductCERT security advisory page.
