Siemens SIMATIC DoS Holes

Tuesday, July 31, 2012 @ 05:07 PM gHale

A denial-of-service (DoS) vulnerability exists in the SIMATIC S7-400 V6 and SIMATIC S7-400 V5 PN CPU products. Siemens created a firmware update that mitigates the vulnerability affecting the S7-400 V6, according to a report on ICS-CERT.

Siemens will not fix the vulnerability that affects the S7-400 V5 because that product version has reached end-of-life and the company has discontinued the line. Both vulnerabilities are remotely exploitable.


Siemens said one of the vulnerabilities affects the following products within the S7-400 CPU family with firmware Versions 6.0.1 and 6.0.2:
• CPU 412-2 PN (6ES7412-2EK06-0AB0)
• CPU 414-3 PN/DP (6ES7414-3EM06-0AB0)
• CPU 414F-3 PN/DP (6ES7414-3FM06-0AB0)
• CPU 416-3 PN/DP (6ES7416-3ES06-0AB0)
• CPU 416F-3 PN (6ES7416-3FS06-0AB0)

Another vulnerability affects the following products within the S7-400 CPU family with firmware Version 5:
• CPU 414-3 PN/DP (6ES7414-3EM05-0AB0)
• CPU 416-3 PN/DP (6ES7416-3ER05-0AB0)
• CPU 416F-3 PN/DP (6ES7416-3FR05-0AB0)

When the SIMATIC S7-400 receives specially crafted packets on its Ethernet interfaces, the device can go into defect mode. A PLC in defect mode needs a manual reset to return to normal operation. No known public exploits specifically target these vulnerabilities, but an attacker with low skill could exploit them.

Siemens released security advisories that detail the vulnerabilities in the two versions of the SIMATIC S7-400 CPU and the recommended security practices to secure the systems.
