Siemens Updates SIMATIC Fixes

Wednesday, March 22, 2017 @ 12:03 PM gHale

Siemens updated its advisory regarding vulnerabilities affecting SIMATIC CP 343-1 Advanced/CP 443-1 Advanced devices and SIMATIC S7-300/S7-400 CPUs, according to a report from ICS-CERT.

Inverse Path auditors and the Airbus ICT Industrial Security team reported these vulnerabilities directly to Siemens. Siemens made new firmware versions available for several products and a temporary fix for the remaining affected products to mitigate these remotely exploitable vulnerabilities.


Siemens said the vulnerabilities affect the following SIMATIC products:
• SIMATIC CP 343-1 Advanced: All versions prior to V3.0.53
• SIMATIC CP 443-1 Advanced: All versions prior to V3.2.17
• SIMATIC S7-300 CPU family: All firmware versions
• SIMATIC S7-400 CPU family: All firmware versions

Under certain conditions, an attacker could use these vulnerabilities to perform operations as an authenticated user.

Siemens is a multinational company headquartered in Munich, Germany. Communication Processor (CP) modules SIMATIC CP 343-1 Advanced and CP 443-1 Advanced enable SIMATIC S7-300/S7-400 CPUs to communicate via Ethernet.

Several critical infrastructure sectors deploy these products, including chemical, critical manufacturing, and food and agriculture. Siemens said these products are deployed worldwide.

In one vulnerability, the integrated web server at Port 80/TCP or Port 443/TCP of the affected devices could allow remote attackers to perform actions with the permissions of an authenticated user, provided the targeted user has an active session and is induced to trigger the malicious request.

CVE-2016-8673 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 6.3.

In addition, the integrated web server delivers cookies without the “secure” flag. Modern browsers that honor the flag would not send the cookie over a clear-text connection, mitigating potential data leakage in case of clear text transmission.

CVE-2016-8672 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 4.0.
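The following Python script is an added example for this article, not code from Siemens, ICS-CERT or any SIMATIC product. It parses the Set-Cookie headers of a raw HTTP response and reports which cookies lack the Secure flag the advisory refers to; it also checks HttpOnly and SameSite, two attributes the advisory does not mention but which a practitioner auditing a device web interface would look at in the same pass (SameSite=Lax/Strict limits the induced cross-site request pattern described for CVE-2016-8673). The sample response, including the cookie names, is constructed for the example and was not captured from any device.

```python
"""Audit the Set-Cookie headers of an HTTP response for the attributes that
limit exposure of a session cookie.

Added example; not Siemens, ICS-CERT or SIMATIC code. The response below is
CONSTRUCTED to show one cookie served without the Secure flag, as the
advisory describes, and one cookie that carries every attribute.
"""
from __future__ import annotations

# Constructed sample (cookie names and values are placeholders).
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: session_id=abc123; Path=/\r\n"
    "Set-Cookie: lang=en; Path=/; Secure; HttpOnly; SameSite=Lax\r\n"
    "\r\n"
    "<html><body>ok</body></html>"
)


def set_cookie_values(raw_response: str) -> list[str]:
    """Return the value of every Set-Cookie header in a raw HTTP/1.1 response."""
    head, _, _ = raw_response.partition("\r\n\r\n")
    values = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        key, sep, value = line.partition(":")
        if sep and key.strip().lower() == "set-cookie":
            values.append(value.strip())
    return values


def parse_set_cookie(header_value: str) -> tuple[str, dict]:
    """Split one Set-Cookie value into the cookie name and its attributes.

    Attribute names are lower-cased; flag attributes (Secure, HttpOnly) map
    to True, valued ones (Path, SameSite, ...) to their string value.
    """
    parts = [p.strip() for p in header_value.split(";")]
    name = parts[0].partition("=")[0].strip()
    attrs: dict = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip() if value else True
    return name, attrs


def audit_set_cookie(header_value: str) -> list[str]:
    """List the hardening attributes missing from one Set-Cookie value."""
    _, attrs = parse_set_cookie(header_value)
    issues = []
    if "secure" not in attrs:
        # Without Secure the browser also sends the cookie on plain http://
        # requests to the same host: the clear-text exposure behind
        # CVE-2016-8672.
        issues.append("missing Secure")
    if "httponly" not in attrs:
        # Without HttpOnly, script running in the page can read the cookie.
        issues.append("missing HttpOnly")
    samesite = attrs.get("samesite")
    if samesite is None or samesite is True or str(samesite).lower() == "none":
        # SameSite=Lax or Strict stops a cross-site page from riding on the
        # user's active session, the pattern the advisory describes for
        # CVE-2016-8673.
        issues.append("SameSite absent or None")
    return issues


def audit_response(raw_response: str) -> dict[str, list[str]]:
    """Map each cookie name in the response to its list of missing attributes."""
    return {
        parse_set_cookie(v)[0]: audit_set_cookie(v)
        for v in set_cookie_values(raw_response)
    }


if __name__ == "__main__":
    for cookie, issues in audit_response(SAMPLE_RESPONSE).items():
        print(f"{cookie}: {', '.join(issues) if issues else 'ok'}")
```

Run against the constructed sample, `session_id` is reported as missing all three attributes while `lang` passes. To use it on your own equipment, feed `audit_response` the raw text of a response captured from the device's HTTPS interface during a maintenance window; a cookie that is only ever set over HTTPS should carry Secure, and the check is meaningless for a session established over plain HTTP on port 80, where the advisory's network-level mitigations are the only protection.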

No known public exploits specifically target these vulnerabilities. However, an attacker with a low skill level may be able to exploit them.

Siemens released firmware versions that fix the vulnerabilities and recommends users update to the fixed versions:
• SIMATIC CP 343-1 Advanced: Update to V3.0.53
• SIMATIC CP 443-1 Advanced: Update to V3.2.17

For SIMATIC S7-300/S7-400 CPUs, Siemens recommends the following mitigations:
1. Apply cell protection concept
2. Use VPN for protecting network communication between cells
3. Apply Defense-in-Depth

Siemens recommends users protect network access to SIMATIC S7-300/S7-400 CPUs and to the web interface of SIMATIC CP 343-1 Advanced and CP 443-1 Advanced devices with appropriate mechanisms. Siemens also advises users to configure the protected operational environment according to Siemens’ Operational Guidelines for Industrial Security.

For more information on this vulnerability and more detailed mitigation instructions, please see Siemens Security Advisory SSA-603476.
