Siemens Mitigates Hole in S7-400 CPUs

Tuesday, November 13, 2018 @ 07:11 PM gHale

Siemens has mitigations in place to handle an improper input validation vulnerability in its S7-400 CPUs, according to a report with NCCIC.

Successful exploitation of these remotely exploitable vulnerabilities, discovered by CNCERT/CC who reported it to Siemens, could crash the device being accessed which may require a manual reboot or firmware re-image to bring the system back to normal operation.

RELATED STORIES
Siemens Clears Improper Access Control Hole
Roche Updates Point of Care Fix
Philips Security Plan for iSite, IntelliSpace PACS
Fr. Sauter Fix for CASE Suite

Siemens said vulnerabilities affect the following SIMATIC S7-400 products:
• S7-400 v6 (including F) and below all versions
• S7-400 PN/DP v7 (including F) all versions
• S7-400H v4.5 and below all versions
• S7-400H v6 all versions
• S7-410 all versions prior to v8.2.1

In the vulnerability, specially crafted packets sent to Port 102/TCP via Ethernet interface, via PROFIBUS, or via multi-point interfaces (MPI) could cause the affected devices to go into defect mode. Manual reboot is required to resume normal operation.

CVE-2018-16556 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.5.

In addition, specially crafted packets sent to Port 102/TCP via Ethernet interface via PROFIBUS or MPI could cause a denial-of-service condition on affected devices. Recovery may require flashing with a firmware image. If no access protection is configured, no privileges are required to exploit this vulnerability.

CVE-2018-16557 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 8.2.

The product sees use in the chemical, critical manufacturing, energy, food and agriculture, healthcare and public health, and transportation sectors. It also sees action on a global basis.

No known public exploits specifically target these vulnerabilities. However, an attacker with low skill level could leverage the vulnerabilities.

Siemens recommends implementing the following mitigations:
1. Configure protection Level 3 (read/write protection) to mitigate CVE-2018-16557
2. Restrict network access to affected devices; restrict network access to Port 102/TCP for Ethernet interfaces
3. For SIMATIC S7-CPU 410 CPUs: Activate field interface security in PCS 7 v9.0, use a SIMATIC CP443-1 Adv. to communicate with ES/OS, and update to Version 8.2.1
4 Apply defense-in-depth

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens’ operational guidelines for industrial security, and following the recommendations in the product manuals.

For more information on these vulnerabilities and associated software updates, please see Siemens security advisory SSA-113131.



Leave a Reply

You must be logged in to post a comment.