Siemens Heartbleed Update, Again

Wednesday, October 15, 2014 @ 09:10 AM gHale

Siemens found four vulnerabilities in its OpenSSL cryptographic software library affecting several of its industrial products, according to a report from ICS-CERT. Updates are available for APE 2.0.2, S7-1500, WinCC OA (PVSS), CP1543-1, and Ruggedcom ROX-based products.

The remotely exploitable vulnerability first came to light via Joel Langill of and RedHat Cyber, who discovered and reported the issue to ICS-CERT and Siemens affecting the S7-1500.


Exploits that target the OpenSSL Heartbleed vulnerability are publicly available.

The following Siemens products suffer from the issue:
• eLAN-8.2 eLAN prior to 8.3.3 (affected when RIP is in action — update available)
• WinCC OA only V3.12 (always affected — update available)
• S7-1500 V1.5 (affected when HTTPS active — update available)
• CP1543-1 V1.1 (affected when FTPS active — update available)
• APE 2.0 (affected when SSL/TLS component is in use in customer implementation — update available)
• ROX 1: all versions (only affected if Crossbow is installed)
• ROX 2: all versions prior to V2.6.0 (only affected if eLAN or Crossbow is installed)

A successful “Heartbleed” exploit of the affected products by an attacker with network access could allow the attacker to read sensitive data, including private keys and user credentials, from process memory.

Siemens is a multinational company headquartered in Munich, Germany.

The affected Siemens industrial products are for process and network control and monitoring in critical infrastructure sectors such as chemical, critical manufacturing, energy, food and agriculture, and water and wastewater systems.

The Heartbleed vulnerability could allow attackers to read unallocated memory of processes running OpenSSL. This could reveal secrets such as transmitted data, passwords, or private keys.

CVE-2014-0160 is the case number assigned to this vulnerability, which has a CVSS v2 base score of 5.0.
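As an added example (not from this article, Siemens, or ICS-CERT): a CVE-2014-0160 request is a TLS heartbeat whose payload_length field claims more bytes than the record actually carries, so a monitor that sees plaintext heartbeat records can flag it with the same bounds check the OpenSSL fix applies. The function names and the sample bytes below are constructed for illustration.

```python
import struct

HEARTBEAT = 24     # TLS record ContentType for heartbeat (RFC 6520)
MIN_PADDING = 16   # RFC 6520 requires at least 16 bytes of padding

def check_heartbeat(fragment: bytes) -> str:
    """Classify one plaintext heartbeat message (the record's fragment)."""
    if len(fragment) < 3:
        return "malformed: too short for type + payload_length"
    _hb_type, claimed = struct.unpack("!BH", fragment[:3])
    # type (1) + payload_length (2) + payload + padding must fit in the record.
    if 1 + 2 + claimed + MIN_PADDING > len(fragment):
        held = len(fragment) - 3
        return f"suspicious: claims {claimed} payload bytes, record holds {held}"
    return "ok"

def scan_records(stream: bytes):
    """Walk back-to-back TLS records; return (offset, verdict) per heartbeat.

    Only works where the heartbeat is visible in cleartext (before encryption
    starts, or at an endpoint after decryption); encrypted records hide it.
    """
    findings, off = [], 0
    while off + 5 <= len(stream):
        ctype, _version, length = struct.unpack("!BHH", stream[off:off + 5])
        fragment = stream[off + 5:off + 5 + length]
        if len(fragment) < length:
            findings.append((off, "truncated record"))
            break
        if ctype == HEARTBEAT:
            findings.append((off, check_heartbeat(fragment)))
        off += 5 + length
    return findings

# Constructed sample traffic (not captured from any real device):
GOOD = b"\x18\x03\x02\x00\x17" + b"\x01\x00\x04ping" + b"\x00" * 16
ALERT = b"\x15\x03\x02\x00\x02\x01\x00"        # unrelated record, skipped
BAD = b"\x18\x03\x02\x00\x03" + b"\x01\x40\x00"  # claims 16384, carries 0
SAMPLE = GOOD + ALERT + BAD

if __name__ == "__main__":
    for offset, verdict in scan_records(SAMPLE):
        print(f"record at byte {offset}: {verdict}")
```
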

An attacker with low skill would be able to exploit this vulnerability.

The attacker must have network access to the affected devices to exploit this vulnerability. Siemens recommends operating all products except perimeter devices only within trusted networks.

Siemens provides updates for the following products:
• eLAN-8.2. To obtain the update to Version 8.3.3, submit a support request online.
• WinCC OA V3.12. Click here for the update for WinCC OA 3.12 (login required).
• CP-1543-1 V1.1. Click here for the update to CP-1543 V1.1.
• APE 2.0. Click here for the update to APE.
• S7-1500 V1.5. Click here for the update to S7-1500.
• S7-1500 V1.5. Click here for the update to S7-1500 Failsafe V1.5.
• Ruggedcom ROX-based devices. Updated firmware can be obtained for free from the following contact points:
  • Submit a support request to Siemens online.
  • Call a local hotline center.

Update Debian using the standard update procedures if eLAN is installed on a Linux system.

Siemens provides specific advice for mitigating risk in each of the affected products in SSA 635659, which is on their web site.

Langill suggests that a user who does not need HTTPS should disable it until a patch is available and applied to the vulnerable product/service.
