Siemens Upgrades SIMATIC Logon Software

Tuesday, July 11, 2017 @ 04:07 PM gHale

Siemens created a software upgrade to mitigate an out-of-bounds write vulnerability in its SIMATIC Logon product, according to a report from ICS-CERT.

SIMATIC Logon: All versions prior to V1.6 suffer from the remotely exploitable issue, which Tenable Network Security reported directly to Siemens.

Successful exploitation of this vulnerability could allow attackers to cause a denial of service of the SIMATIC Logon Remote Access service under certain conditions.

No known public exploits specifically target this vulnerability. However, an attacker with low skill level could leverage the vulnerability.

Specially crafted packets sent to the SIMATIC Logon Remote Access service on Port 16389/TCP could cause a denial-of-service condition. The service restarts automatically.

CVE-2017-9938 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 5.3.

The product sees action in the chemical, energy, food and agriculture, and water and wastewater systems sectors. It sees use on a global basis.

Munich, Germany-based Siemens created software upgrade V1.6 for SIMATIC Logon, which fixes the vulnerability, and recommends users upgrade to the newest version. Contact the local Siemens representative or customer support at the following location.

Siemens recommends users protect network access to the Port 16389/TCP of the SIMATIC Logon Remote Access service with appropriate mechanisms. Siemens also advises that users configure the operational environment according to Siemens’ Operational Guidelines for Industrial Security.
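
A triage sketch for the two mitigations above (upgrade to V1.6, restrict access to 16389/TCP), added here as an example and not taken from Siemens or ICS-CERT. The inventory, host names, rule format and approved network are constructed assumptions, and the rule check is a lint over allow rules, not a full firewall evaluation.

```python
import ipaddress
import re

PORT = 16389   # SIMATIC Logon Remote Access service port named in the advisory
FIXED = (1, 6)  # first fixed version per the advisory: V1.6
# Assumption: the only network that should reach the service.
APPROVED = [ipaddress.ip_network("10.20.30.0/24")]

# Constructed inventory, not real data. Allow rules: (source CIDR, protocol, (low, high) port).
INVENTORY = [
    {"host": "eng-ws-01", "version": "V1.5 SP3",
     "allow": [("0.0.0.0/0", "tcp", (16000, 17000))]},
    {"host": "eng-ws-02", "version": "V1.6",
     "allow": [("10.20.30.0/28", "tcp", (16389, 16389))]},
    {"host": "hist-01", "version": "V1.4",
     "allow": [("10.20.30.0/24", "tcp", (16389, 16389)),
               ("192.168.0.0/16", "udp", (16389, 16389))]},
]


def parse_version(text):
    """Return (major, minor) from strings such as 'V1.5 SP3'."""
    m = re.match(r"\s*V?(\d+)\.(\d+)", text, re.IGNORECASE)
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return int(m.group(1)), int(m.group(2))


def exposed_sources(rules):
    """Sources allowed to 16389/TCP that are not inside an approved network."""
    found = []
    for cidr, proto, (lo, hi) in rules:
        if proto.lower() != "tcp" or not lo <= PORT <= hi:
            continue  # rule does not cover the service port over TCP
        net = ipaddress.ip_network(cidr)
        if not any(net.version == a.version and net.subnet_of(a) for a in APPROVED):
            found.append(cidr)
    return found


def audit(inventory):
    """Map host -> list of findings; hosts with no findings are omitted."""
    report = {}
    for item in inventory:
        findings = ["upgrade to V1.6"] if parse_version(item["version"]) < FIXED else []
        findings += [f"restrict {PORT}/tcp from {s}" for s in exposed_sources(item["allow"])]
        if findings:
            report[item["host"]] = findings
    return report
```

Calling `audit(INVENTORY)` returns findings only for hosts that still need an upgrade or a tighter rule.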

For a more specific list of affected products and more detailed mitigation instructions, see Siemens Security Advisory SSA-804859.
