Siemens has an update to mitigate a denial of service from an improper input validation vulnerability in its SIMATIC S7-1500, SIMATIC S7-1500 Software Controller and SIMATIC ET 200SP Open Controller, according to a report with NCCIC.
An attacker with network access to the PLC may be able to cause a denial-of-service condition on the network stack.
This remotely exploitable vulnerability, discovered by Marcin Dudek, Jacek Gajewski, Kinga Staszkiewicz, Jakub Suchorab, and Joanna Walkiewicz from National Centre for Nuclear Research Poland who reported it to Siemens, affects the following products and versions:
• Simatic S7-1500 (incl. F), all versions prior to v2.5 down to and including v2.0
• Simatic S7-1500 Software Controller all versions prior to v2.5 down to and including v2.0
• Simatic ET 200SP Open Controller all versions including and after v2.0
In the vulnerability, an attacker can cause a denial-of-service condition on the network stack by sending a large number of specially crafted packets to the PLC. The PLC will lose its ability to communicate over the network. This vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no privileges and no user interaction. An attacker could use this vulnerability to compromise availability of the network connectivity.
CVE-2018-13805 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 5.3.
The product sees use in the chemical, critical manufacturing, energy, food and agriculture, water and wastewater systems sectors. It sees action on a global basis.
No known public exploits specifically target this vulnerability. However, an attacker with low skill level could leverage the vulnerability.
Siemens provides updates to address this vulnerability in these products and recommends users update to the new version.
• SIMATIC S7-1500 Software Controller: Update to v2.5 or newer
• SIMATIC S7-1500 incl. F: Update to v2.5 or newer
Siemens has identified the following specific workarounds and mitigations users can apply to reduce the risk:
• Restrict network access to affected devices
• Apply cell-protection concept
• Apply defense-in-depth
As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens’ operational guidelines for industrial security, and following the recommendations in the product manuals.
Click here for additional information on industrial security by Siemens.
For more information on this vulnerability and associated software updates, please see Siemens security advisory SSA-347726 on their website.