Siemens has upgrades available to handle an out-of-bounds read vulnerability in its CP, SIMATIC, SIMOCODE, SINAMICS, SITOP, and TIM products, according to a report from NCCIC.

Successful exploitation of this remotely exploitable vulnerability, which Siemens self-reported, could result in a denial-of-service (DoS) condition leading to a restart of the webserver.

The following products and versions suffer from the issue:
• CP1604: All versions
• CP1616: All versions
• SIMATIC RF185C: All versions
• SIMATIC CP343-1 Advanced: All versions
• SIMATIC CP443-1: All versions
• SIMATIC CP443-1 Advanced: All versions
• SIMATIC CP443-1 OPC UA: All versions
• SIMATIC ET 200 SP Open Controller CPU 1515SP PC: All versions prior to v2.1.6
• SIMATIC ET 200 SP Open Controller CPU 1515SP PC2: All versions
• SIMATIC HMI Comfort Outdoor Panels 7″ & 15″: All versions
• SIMATIC HMI Comfort Panels 4″ – 22″: All versions
• SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F: All versions
• SIMATIC IPC DiagMonitor: All versions
• SIMATIC RF181-EIP: All versions
• SIMATIC RF182C: All versions
• SIMATIC RF186C: All versions
• SIMATIC RF188C: All versions
• SIMATIC RF600R: All versions
• SIMATIC S7-1500 CPU family: All versions
• SIMATIC S7-1500 Software Controller: All versions
• SIMATIC S7-300 CPU family: All versions prior to v3.X.16
• SIMATIC S7-400 PN (incl. F) v6 and below: All versions
• SIMATIC S7-400 PN/DP v7 (incl. F): All versions
• SIMATIC S7-PLCSIM Advanced: All versions
• SIMATIC Teleservice Adapter IE Advanced: All versions
• SIMATIC Teleservice Adapter IE Basic: All versions
• SIMATIC Teleservice Adapter IE Standard: All versions
• SIMATIC WinAC RTX 2010: All versions
• SIMATIC WinCC Runtime Advanced: All versions
• SIMOCODE pro V EIP: All versions
• SIMOCODE pro V PN: All versions
• SINAMICS G130 v4.6: All versions
• SINAMICS G130 v4.7: All versions
• SINAMICS G130 v4.7 SP1: All versions
• SINAMICS G130 v4.8: All versions prior to v4.8 HF6
• SINAMICS G130 v5.1: All versions
• SINAMICS G130 v5.1 SP1: All versions prior to v5.1 SP1 HF4
• SINAMICS G150 v4.6: All versions
• SINAMICS G150 v4.7: All versions
• SINAMICS G150 v4.7 SP1: All versions
• SINAMICS G150 v4.8: All versions prior to v4.8 HF6
• SINAMICS G150 v5.1: All versions
• SINAMICS G150 v5.1 SP1: All versions prior to v5.1 SP1 HF4
• SINAMICS S120 v4.6: All versions
• SINAMICS S120 v4.7: All versions
• SINAMICS S120 v4.7 SP1: All versions
• SINAMICS S120 v4.8: All versions prior to v4.8 HF6
• SINAMICS S120 v5.1: All versions
• SINAMICS S120 v5.1 SP1: All versions prior to v5.1 SP1 HF4
• SINAMICS S150 v4.6: All versions
• SINAMICS S150 v4.7: All versions
• SINAMICS S150 v4.7 SP1: All versions
• SINAMICS S150 v4.8: All versions prior to v4.8 HF6
• SINAMICS S150 v5.1: All versions
• SINAMICS S150 v5.1 SP1: All versions prior to v5.1 SP1 HF4
• SINAMICS S210 v5.1: All versions
• SINAMICS S210 v5.1 SP1: All versions
• SITOP Manager: All versions
• SITOP PSU8600: All versions
• SITOP UPS1600: All versions
• TIM 1531 IRC: All versions

The webserver of the affected devices contains a vulnerability that may allow an attacker to cause a denial-of-service condition, which leads to a restart of the webserver.

CVE-2019-6568 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.5.

The products see use in the commercial facilities, critical manufacturing, energy, food and agriculture, and water and wastewater systems sectors. They are deployed worldwide.

No known public exploits specifically target this vulnerability. However, an attacker with low skill level could leverage the vulnerability.

Siemens recommends upgrading to the following firmware updates for the products below:
v2.1.6
• SIMATIC ET 200 SP Open Controller CPU 1515SP PC

v3.X.16
• SIMATIC S7-300 CPU family

v5.2 (latest version)
• SINAMICS G130 v4.6, v4.7, and v4.7 SP1
• SINAMICS G150 v4.6 and v4.7 SP1
• SINAMICS S150 v4.6 and v4.7 SP1

v4.8 HF6
• SINAMICS G130 v4.8
• SINAMICS G150 v4.8
• SINAMICS S150 v4.8

v5.1 SP1 HF4
• SINAMICS G130 v5.1 SP1
• SINAMICS G150 v5.1 SP1
• SINAMICS S150 v5.1 SP1

v5.2 (latest version)
• SINAMICS S120 v4.6 and v4.7 SP1

v4.8 HF6
• SINAMICS S120 v4.8

v5.1 SP1 HF4
• SINAMICS S120 v5.1 SP1

For all other affected products, Siemens identified the following specific workarounds and mitigations users can apply to reduce the risk:
• Apply appropriate strategies for mitigation as described in the general security recommendation section.
• Restrict network access to the integrated webserver.
• Deactivate the webserver if not required and if deactivation is supported by the product.
• For SINAMICS S, G130, G150 devices: Perform upgrade to a new fixed version, for example v5.2.
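
The SINAMICS G130, G150, S120 and S150 entries above can be checked against an asset inventory with a short script. This is an added example, not code from Siemens or NCCIC; the firmware string layout (such as "v4.8 HF5"), the function name `assess` and the inventory entries are assumptions made for illustration.

```python
import re

# Rules transcribed from the affected-products list above for the SINAMICS
# G130, G150, S120 and S150 drives. Branch key = (major, minor, service pack).
FAMILIES = {"G130", "G150", "S120", "S150"}
ALL_AFFECTED = {(4, 6, 0), (4, 7, 0), (4, 7, 1), (5, 1, 0)}   # "All versions"
FIRST_FIXED_HF = {(4, 8, 0): 6, (5, 1, 1): 4}                 # "prior to ... HFn"

# Assumed firmware string layout, e.g. "v4.8 HF5" or "v5.1 SP1 HF4".
FW_RE = re.compile(r"^v?(\d+)\.(\d+)(?:\s+SP(\d+))?(?:\s+HF(\d+))?$", re.I)


def assess(family, firmware):
    """Return (status, action) for one inventory entry."""
    if family.upper() not in FAMILIES:
        return ("unknown", "family not covered by this check")
    m = FW_RE.match(firmware.strip())
    if not m:
        # Never guess at a version we cannot parse; flag it for a person.
        return ("unknown", "unparseable firmware string, check manually")
    major, minor, sp, hf = (int(g) if g else 0 for g in m.groups())
    branch = (major, minor, sp)
    if branch in ALL_AFFECTED:
        return ("affected", "upgrade to a fixed version, for example v5.2")
    if branch in FIRST_FIXED_HF:
        fixed = FIRST_FIXED_HF[branch]
        if hf < fixed:
            label = f"v{major}.{minor}" + (f" SP{sp}" if sp else "")
            return ("affected", f"upgrade to {label} HF{fixed}")
        return ("fixed", "no action")
    return ("not listed", "branch is not in the affected list")


# Constructed inventory for illustration (hostnames and versions are made up).
INVENTORY = [
    ("drive-01", "G130", "v4.8 HF5"),
    ("drive-02", "S120", "v5.1 SP1 HF4"),
    ("drive-03", "G150", "v4.7 SP1"),
    ("drive-04", "S150", "v5.2"),
    ("drive-05", "S120", "4.8-hf6"),   # non-standard string, must not be guessed
]

if __name__ == "__main__":
    for host, family, fw in INVENTORY:
        status, action = assess(family, fw)
        print(f"{host:9} SINAMICS {family} {fw:13} {status:10} {action}")
```

Entries reported as "unknown" or "not listed" still need the network-access restrictions above until their status is confirmed against SSA-480230.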

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens’ operational guidelines for industrial security and following the recommendations in the product manuals.

Click here for additional information on industrial security by Siemens.

For more information on the vulnerability and more detailed mitigation instructions, see Siemens Security Advisory SSA-480230.
