
Vulnerabilities known as ZombieLoad and Microarchitectural Data Sampling (MDS) affect modern processors from different vendors to varying degrees, and Siemens has products with processors that suffer from the issues, according to a report from Siemens ProductCERT.

For SIMATIC IPCs, SIMATIC Field PGs, SIMATIC ITP devices, SIMOTION P and SINUMERIK PCUs: Siemens provides the first BIOS updates that include chipset microcode updates, and is working on further updates.


In addition to applying the available BIOS updates, users must also install the operating system patches provided by the operating system vendors in order to mitigate the vulnerabilities. Depending on the deployed operating system version, additional steps may be required to enable the mitigations.
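
On Linux installations, the kernel reports whether the BIOS/microcode update and the OS mitigation are both in place. The following is an added example, not code from Siemens or from the original article; it assumes a Linux host that exposes `/sys/devices/system/cpu/vulnerabilities/mds`, and the function names are hypothetical.

```python
from pathlib import Path

# Assumption: Linux host. The kernel exposes MDS status here once the OS
# patches are installed; the file is absent on unpatched kernels.
MDS_SYSFS = Path("/sys/devices/system/cpu/vulnerabilities/mds")


def read_mds_status(path=MDS_SYSFS):
    """Return the kernel's status line, or None if the kernel does not report MDS."""
    try:
        return path.read_text().strip()
    except FileNotFoundError:
        return None


def remaining_actions(status):
    """Map a status line to the remediation steps still outstanding."""
    if status is None:
        return ["install OS patches (kernel does not report MDS)"]
    state, _, smt = (part.strip() for part in status.partition(";"))
    actions = []
    if state == "Not affected":
        return actions
    if state == "Vulnerable: Clear CPU buffers attempted, no microcode":
        # OS mitigation is active but the CPU lacks the updated microcode.
        actions.append("apply BIOS/microcode update")
    elif state == "Vulnerable":
        # Kernel knows about MDS but the mitigation is switched off.
        actions.append("enable OS mitigation")
    elif state != "Mitigation: Clear CPU buffers":
        raise ValueError(f"unrecognised MDS status: {status!r}")
    if smt == "SMT vulnerable":
        # Sibling hyper-threads can still sample each other's buffers.
        actions.append("review SMT exposure")
    elif smt == "SMT Host state unknown":
        # Running as a guest: the host decides SMT and microcode state.
        actions.append("check hypervisor host for SMT and microcode")
    return actions


if __name__ == "__main__":
    line = read_mds_status()
    print(line, "->", remaining_actions(line) or ["none"])
```

An empty result means the kernel sees both the microcode and the OS mitigation as active; any other result names the step that is still missing on that host.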

SIMATIC Industrial PCs are the PC hardware platform for PC-based Automation from Siemens.
The SIMATIC S7-1500 MFP CPUs provide the functionality of standard S7-1500 CPUs, plus the ability to run C/C++ code within the CPU runtime to execute custom functions and algorithms, and a second, independent runtime environment to execute C/C++ applications in parallel with the Step 7 program if required.
SIMOTION is a scalable high performance hardware and software system for motion control.
SINUMERIK CNC offers automation solutions for the shop floor, job shops and large serial production environments.
SINUMERIK Panel Control Unit (PCU) offers HMI functionality for SINUMERIK CNC controllers.
SINUMERIK Thin Client Unit (TCU) offers HMI functionality for SINUMERIK CNC controllers.


The following are the products affected by the issue:
• SIMATIC Field PG M4, all versions
• SIMATIC Field PG M5, all versions
• SIMATIC Field PG M6, all versions
• SIMATIC IPC127E, all versions
• SIMATIC IPC2X7E, all versions
• SIMATIC IPC3000 SMART V2, all versions
• SIMATIC IPC327E, all versions
• SIMATIC IPC347E, all versions
• SIMATIC IPC377E, all versions
• SIMATIC IPC427C, all versions
• SIMATIC IPC427D, all versions
• SIMATIC IPC427E, all BIOS versions before V21.01.11, remediation is to update BIOS to V21.01.11
• SIMATIC IPC477C, all versions
• SIMATIC IPC477D, all versions
• SIMATIC IPC477E, all BIOS versions before V21.01.11, remediation is to update BIOS to V21.01.11
• SIMATIC IPC477E Pro, all BIOS versions before V21.01.11, remediation is to update BIOS to V21.01.11
• SIMATIC IPC527G, all versions
• SIMATIC IPC547E, all versions
• SIMATIC IPC547G, all versions
• SIMATIC IPC627C, all versions
• SIMATIC IPC627D, all versions
• SIMATIC IPC627E, all BIOS versions before V25.02.04, remediation is to update BIOS to V25.02.04
• SIMATIC IPC647C, all versions
• SIMATIC IPC647D, all versions
• SIMATIC IPC647E, all BIOS versions before V25.02.04, remediation is to update BIOS to V25.02.04
• SIMATIC IPC677C, all versions
• SIMATIC IPC677D, all versions
• SIMATIC IPC677E, all BIOS versions before V25.02.04, remediation is to update BIOS to V25.02.04
• SIMATIC IPC827C, all versions
• SIMATIC IPC827D, all versions
• SIMATIC IPC847C, all versions
• SIMATIC IPC847D, all versions
• SIMATIC IPC847E, all BIOS versions before V25.02.04, remediation is to update BIOS to V25.02.04
• SIMATIC ITP1000, all versions
• SIMATIC S7-1500 CPU S7-1518-4 PN/DP MFP (MLFB: 6ES7518-4AX00-1AC0), all versions
• SIMATIC S7-1500 CPU S7-1518F-4 PN/DP MFP (MLFB: 6ES7518-4FX00-1AC0), all versions
• SIMOTION P320-4E, all versions
• SIMOTION P320-4S, all versions
• SINUMERIK 840 D sl (NCU720.3B, NCU730.3B, NCU720.3, NCU730.3), all versions
• SINUMERIK PCU 50.5, all versions
• SINUMERIK Panels with integrated TCU, all versions released
• SINUMERIK TCU 30.3, all versions

Siemens identified the following specific workarounds and mitigations:
• As a prerequisite for an attack, an attacker must be able to run untrusted code on affected systems. Siemens recommends limiting the possibilities to run untrusted code if possible.
• Applying a defense-in-depth concept can help to reduce the probability that untrusted code is run on the system.

The following are the vulnerabilities:

1. Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.
The vulnerability has a case number of CVE-2018-12126 and it has a CVSS v3.0 Base Score of 6.5.

2. Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.
The vulnerability has a case number of CVE-2018-12127 and it has a CVSS v3.0 Base Score of 6.5.

3. Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.
The vulnerability has a case number of CVE-2018-12130 and it has a CVSS v3.0 Base Score of 6.5.

4. Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.
The vulnerability has a case number of CVE-2019-11091 and it has a CVSS v3.0 Base Score of 3.8.

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens’ operational guidelines for Industrial Security and following the recommendations in the product manuals.
