WinCC OA Licensing Software Holes Filled

Monday, February 25, 2019 @ 04:02 PM gHale

Siemens fixed multiple vulnerabilities identified in the WibuKey Digital Rights Management (DRM) solution, which affect WinCC OA, according to a report from Siemens ProductCERT.

Products affected by the vulnerabilities include all versions of SIMATIC WinCC OA 3.14, SIMATIC WinCC OA 3.15, and SIMATIC WinCC OA 3.16.


The client-server HMI (human machine interface) system SIMATIC WinCC Open Architecture (OA) is part of the SIMATIC HMI family. It is designed for use in applications requiring a high degree of customer-specific adaptability, large or complex applications and projects that impose specific system requirements or functions.

In one vulnerability, a specially crafted IRP (I/O request packet) can cause the driver to return uninitialized memory, resulting in kernel memory disclosure. The vulnerability is tracked as CVE-2018-3989 and has a CVSS v3.0 base score of 4.3.

In addition, a specially crafted IRP can cause a buffer overflow, resulting in kernel memory corruption and, potentially, privilege escalation. The vulnerability is tracked as CVE-2018-3990 and has a CVSS v3.0 base score of 9.3.

Also, a specially crafted TCP packet sent to port 22347/tcp can cause a heap overflow, potentially leading to remote code execution. The vulnerability is tracked as CVE-2018-3991 and has a CVSS v3.0 base score of 10.0.

To mitigate the issues, Siemens recommends that users apply the updates to WibuKey Digital Rights Management (DRM) provided by WIBU SYSTEMS AG:
• SIMATIC WinCC OA 3.14: Apply WibuKey Digital Rights Management (DRM) version 6.50 or higher from WIBU SYSTEMS AG
• SIMATIC WinCC OA 3.15: Apply WibuKey Digital Rights Management (DRM) version 6.50 or higher from WIBU SYSTEMS AG
• SIMATIC WinCC OA 3.16: Apply WibuKey Digital Rights Management (DRM) version 6.50 or higher from WIBU SYSTEMS AG

In addition, Siemens identified the following specific workaround users can apply to reduce the risk: CVE-2018-3991 can be mitigated by blocking port 22347/tcp, for example on an external firewall.
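One way to verify both remediation steps across a set of WinCC OA hosts, as an added example that is not part of the Siemens advisory or the original article: it flags hosts whose WibuKey version is below 6.50 and hosts where 22347/tcp is still reachable from wherever the script runs. The inventory layout, the `major.minor` version string format and all function names are assumptions of this example.

```python
import re
import socket

FIXED_VERSION = (6, 50)   # WibuKey DRM release named in the advisory
WIBUKEY_PORT = 22347      # TCP port tied to CVE-2018-3991

def parse_version(text):
    """Parse 'major.minor' (optional trailing build letter) into a tuple.
    The version string format is an assumption of this example."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)[A-Za-z]*\s*", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return int(m.group(1)), int(m.group(2))

def port_reachable(host, port=WIBUKEY_PORT, timeout=2.0):
    """True if a TCP connection to host:port succeeds from this vantage point."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def audit(inventory, probe=port_reachable):
    """Return one finding per host: update needed and/or port still exposed."""
    findings = []
    for entry in inventory:
        try:
            outdated = parse_version(entry["wibukey"]) < FIXED_VERSION
        except ValueError:
            outdated = True   # unknown version: treat as unpatched until verified
        findings.append({
            "host": entry["host"],
            # Blocking the port only mitigates CVE-2018-3991; the two
            # driver issues are addressed by the update alone.
            "needs_update": outdated,
            "port_exposed": probe(entry["host"]),
        })
    return findings

# Constructed sample inventory (documentation-range addresses, invented versions).
SAMPLE = [
    {"host": "192.0.2.10", "wibukey": "6.40"},
    {"host": "192.0.2.11", "wibukey": "6.50"},
    {"host": "192.0.2.12", "wibukey": "unknown"},
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Run it from outside the control network segment so that `port_exposed` reflects what the external firewall actually lets through.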

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens’ operational guidelines for Industrial Security.

Click here for additional information on Industrial Security by Siemens.

For further inquiries on security vulnerabilities in Siemens products and solutions, go to the Siemens ProductCERT.


