Siemens Fixes SIMATIC S7-1500 CPU

Tuesday, February 5, 2019 @ 11:02 PM gHale

Siemens recommends users upgrade to the latest version to mitigate improper input validation vulnerabilities in its SIMATIC S7-1500 CPU, according to a report from NCCIC.

Successful exploitation of these remotely exploitable vulnerabilities could allow a denial of service condition of the device. Georgy Zaytsev, Dmitry Sklyarov, Druzhinin Evgeny, Ilya Karpov, and Maxim Goryachy of Positive Technologies reported these vulnerabilities to Siemens.

The following versions of SIMATIC S7-1500 CPU suffer from the issue:
• SIMATIC S7-1500 CPU all versions v1.8.5 and prior, and
• SIMATIC S7-1500 CPU all versions prior to v2.5 down to and including v2.0.

In one vulnerability, an unauthenticated attacker sending specially crafted network packets to Port 80/tcp or 443/tcp may cause a denial of service on the device.

CVE-2018-16558 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.5.

In addition, in a second vulnerability, an unauthenticated attacker sending specially crafted network packets to Port 80/tcp or 443/tcp may cause a denial of service on the device.

CVE-2018-16559 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.5.

The product sees use in the chemical, critical manufacturing, energy, food and agriculture, and water and wastewater systems sectors. It is also deployed worldwide.

No known public exploits specifically target these vulnerabilities. However, an attacker with low skill level could leverage the vulnerabilities.

Siemens recommends users upgrade to Version 2.5 or newer. Users who cannot upgrade because of hardware restrictions are recommended to apply the manual mitigations. Updates are available for download.
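
The affected ranges and the fixed version given above can be checked against an asset inventory. The following is an added example, not part of the NCCIC report or the Siemens advisory; the CSV layout, the asset names and the status labels are assumptions made for illustration.

```python
import csv
import io
import re

# Constructed sample inventory; asset names and firmware values are made up.
SAMPLE_INVENTORY = """asset,firmware
plc-line1,V1.8.4
plc-line2,V1.8.5
plc-mixer,V2.0.1
plc-pack,v2.4.9
plc-new,V2.5
plc-newer,V2.6.1
plc-odd,V1.9
plc-bad,unknown
"""

def parse_version(text):
    """Turn 'V2.0.1' or '2.5' into a 4-part tuple so (2, 5) equals (2, 5, 0, 0)."""
    m = re.fullmatch(r"[vV]?(\d+(?:\.\d+){0,3})", text.strip())
    if not m:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (4 - len(parts)))

def classify(firmware):
    """Map a firmware string to the ranges given in the article."""
    try:
        v = parse_version(firmware)
    except ValueError:
        return "unknown"          # needs manual review, do not assume safe
    if v <= (1, 8, 5, 0):
        return "affected"         # v1.8.5 and prior
    if (2, 0, 0, 0) <= v < (2, 5, 0, 0):
        return "affected"         # v2.0 up to, but excluding, v2.5
    if v >= (2, 5, 0, 0):
        return "fixed"            # v2.5 or newer
    return "not-listed"           # between the two ranges; the article is silent

def triage(inventory_csv):
    """Return {asset: status} for every row of an 'asset,firmware' CSV."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {row["asset"]: classify(row["firmware"]) for row in rows}

if __name__ == "__main__":
    for asset, status in triage(SAMPLE_INVENTORY).items():
        print(f"{asset:10} {status}")
```

Assets reported as "affected" are the ones to upgrade or to place behind the manual mitigations; "unknown" and "not-listed" entries should be checked against Siemens Security Advisory SSA-180635 directly.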

Siemens also recommends users apply the following manual mitigations:
• Protect network access to Port 80/tcp and Port 443/tcp of affected devices
• Apply cell protection concept
• Apply defense-in-depth

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens’ operational guidelines for Industrial Security and following the recommendations in the product manuals.

Click here for additional information on industrial security for Siemens devices.

For more information on these vulnerabilities and more detailed mitigation instructions, see Siemens Security Advisory SSA-180635.


