Siemens Fixing DoS Issue with OPC UA

Tuesday, April 9, 2019 @ 01:04 PM gHale

Siemens released updates to mitigate a vulnerability in the OPC UA server of several of its industrial products that could cause a denial-of-service (DoS), according to a report from Siemens ProductCERT.

Specially crafted network packets sent to affected devices on port 4840/tcp could allow an unauthenticated remote attacker to cause a DoS condition of the OPC communication or crash the device.


The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the OPC communication.

There are no public exploits known at this time, Siemens said.

Unless noted otherwise, users of the following products should go to the recommendations for workarounds and mitigations:
• SIMATIC CP443-1 OPC UA all versions
• SIMATIC ET 200 Open Controller CPU 1515SP PC2 all versions
• SIMATIC IPC DiagMonitor all versions
• SIMATIC NET PC Software all versions
• SIMATIC RF188C all versions
• SIMATIC RF600R all versions
• SIMATIC S7-1500 CPU family all versions >= V2.5
• SIMATIC S7-1500 Software Controller all versions >= V2.5
• SIMATIC WinCC OA all versions < V3.15-P018: update to V3.15-P018
• SIMATIC WinCC Runtime Advanced all versions
• SIMATIC WinCC Runtime Comfort all versions
• SIMATIC WinCC Runtime HSP Comfort all versions
• SIMATIC WinCC Runtime Mobile all versions
• SINEC-NMS all versions
• SINEMA Server all versions
• SINUMERIK OPC UA Server all versions < V2.1: update to V2.1 or newer
• TeleControl Server Basic all versions

Siemens is preparing further updates and recommends specific countermeasures until patches are available.

Siemens found the following specific workarounds and mitigations:
• Deactivate the OPC UA Service if supported by the product
• Apply cell protection concept
• Use VPN for protecting network communication between cells
• Apply Defense-in-Depth

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms.
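A check for the cell protection measure listed above, as an added example (not from Siemens or the original article): it scans flow records for connections to 4840/tcp that cross a cell boundary. The cell subnets, the exception list and the flow-record format are constructed assumptions.

```python
import ipaddress

OPCUA_PORT = 4840  # OPC UA port named in the advisory

# Constructed cell layout (assumption): subnets that make up each cell.
CELLS = {"cell-a": ["10.10.1.0/24"], "cell-b": ["10.10.2.0/24"]}
# Constructed exceptions (assumption): (source IP, destination cell) pairs
# allowed to cross a boundary, e.g. traffic arriving through a VPN gateway.
ALLOWED_CROSS_CELL = {("10.10.2.5", "cell-a")}

# Constructed flow records: "src_ip dst_ip dst_port proto"
SAMPLE_FLOWS = """\
10.10.1.20 10.10.1.10 4840 tcp
10.10.2.5 10.10.1.10 4840 tcp
10.10.2.77 10.10.1.10 4840 tcp
192.0.2.44 10.10.1.10 4840 tcp
10.10.1.20 10.10.1.10 102 tcp
10.10.1.20 198.51.100.9 4840 tcp
"""

def cell_of(ip, cells):
    """Return the name of the cell containing ip, or None."""
    addr = ipaddress.ip_address(ip)
    for name, nets in cells.items():
        if any(addr in ipaddress.ip_network(n) for n in nets):
            return name
    return None

def audit_flows(text, cells=CELLS, allowed=ALLOWED_CROSS_CELL):
    """List flows to 4840/tcp that enter a cell from outside it."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        parts = line.split()
        if len(parts) != 4 or not parts[2].isdigit():
            continue  # skip malformed records
        src, dst, port, proto = parts
        if proto.lower() != "tcp" or int(port) != OPCUA_PORT:
            continue
        dst_cell = cell_of(dst, cells)
        if dst_cell is None:
            continue  # destination is not in an inventoried cell
        src_cell = cell_of(src, cells)
        if src_cell == dst_cell or (src, dst_cell) in allowed:
            continue
        findings.append((lineno, src, dst, src_cell or "outside-all-cells", dst_cell))
    return findings

if __name__ == "__main__":
    for f in audit_flows(SAMPLE_FLOWS):
        print("line %d: %s -> %s:4840/tcp crosses from %s into %s" % f)
```
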

To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens’ operational guidelines for Industrial Security and following the recommendations in the product manuals.

Click here for additional information on industrial security by Siemens.

The client-server HMI (human machine interface) system SIMATIC WinCC Open Architecture (OA) is part of the SIMATIC HMI family. It is designed for use in applications requiring a high degree of customer-specific adaptability, large or complex applications and projects that impose specific system requirements or functions.

SINEMA Server is a network management software designed by Siemens for use in Industrial Ethernet networks.

SINEC NMS is a new generation of the Network Management System (NMS) for the Digital Enterprise. This system can be used to centrally monitor, manage, and configure networks with up to 12,500 devices.

SIMATIC HMI Panels are used for operator control and monitoring of machines and plants.

SIMATIC NET PC-Software is required for communication between controllers (PLCs) and PC based solutions (HMIs).

TeleControl Server Basic allows remote monitoring and control of plants.

SIMATIC IPC DiagMonitor monitors, reports, visualizes and logs the system states of the SIMATIC IPCs. It communicates with other systems and reacts when events occur.

SIMATIC RF600 Readers are used for the contactless identification of every kind of object, e.g. transport containers, pallets and production goods, and can generally be used for recording goods in bulk.

Communication Processor (CP) modules of families SIMATIC CP 343-1 and CP 443-1 have been designed to enable SIMATIC S7-300/S7-400 CPUs for Ethernet communication.

SINUMERIK CNC offers automation solutions for the shop floor, job shops and large serial production environments.

The vulnerability has a case number of CVE-2019-6575 and a CVSS v3.0 base score of 7.5.

For further information on security vulnerabilities in Siemens products and solutions, click on Siemens ProductCERT.
