Siemens updated a fix for an authentication bypass vulnerability in its SIMATIC product, according to a report with ICS-CERT.
Successful exploitation of this vulnerability could allow attackers to circumvent user authentication under certain conditions.
Siemens said the remotely exploitable vulnerability affects the following software applications used for central user administration:
• SIMATIC Logon: All versions prior to V1.5 SP3 Update 2
The following products include affected versions of SIMATIC Logon:
• SIMATIC WinCC: All versions prior to V7.4 SP1
• SIMATIC WinCC Runtime Professional: All versions prior to V14 SP1
• SIMATIC PCS 7: All versions
• SIMATIC PDM: All versions
• SIMATIC IT: All versions
No known public exploits specifically target this vulnerability and a high skill level is needed to leverage the issue.
An attacker with knowledge of a valid user name, and physical or network access to the affected system could bypass the application-level authentication.
CVE-2017-2684 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 9.0.
SIMATIC sees action mainly in the chemical, energy, food and agriculture, and water and wastewater systems sectors. It also sees use on a global basis.
Siemens provides SIMATIC Logon V1.5 SP3 Update 2 and recommends users update to the new version. Customers that use recent versions of SIMATIC WinCC, SIMATIC PCS 7, SIMATIC IT, or SIMATIC PDM can install the new version of SIMATIC Logon without an update of these products as described in the compatibility note.
For more information on this vulnerability and more detailed mitigation instructions, see Siemens Security Advisory SSA-931064.
As a general security measure Siemens recommends configuring the environment according to Siemens’ operational guidelines in order to run the devices in a protected IT environment.