Siemens Fixes SPC Controller DoS

Monday, March 9, 2015 @ 06:03 PM gHale

Siemens created an update that mitigates a denial-of-service (DoS) vulnerability in its SPC Controllers, according to a report on ICS-CERT.

Davide Peruzzi of GoSecure! discovered the remotely exploitable vulnerability.

The following SPC Controllers suffer from the issue:
• SPC4000 series: All versions prior to V3.6.0
• SPC5000 series: All versions prior to V3.6.0
• SPC6000 series: All versions prior to V3.6.0

An attacker with network access to the web interface could cause a DoS by exploiting this vulnerability.

Siemens is a multinational company headquartered in Munich, Germany.

The affected products, SPC Controllers, are hybrid physical intrusion detection and access control systems. According to Siemens, SPC Controllers are deployed across multiple sectors. Siemens estimates these products are used worldwide.

Specially crafted network packets sent to the web interface could cause a DoS of the affected devices. The devices will automatically restart.

CVE-2014-9369 is the case number assigned to this vulnerability, which has a CVSS v2 base score of 7.8.

To exploit this vulnerability, the attacker would need network access to the panel’s web interface. In addition, the web interface must be enabled.

No known public exploits specifically target this vulnerability. An attacker with a low skill level would be able to exploit this vulnerability.

Details are in Siemens security advisory SSA-335471.

Siemens released firmware update SPC V3.6.0, which resolves this vulnerability. Siemens strongly recommends all users apply the update.
