Siemens has an update to mitigate an improper input validation vulnerability in its SIMATIC S7-300 CPU, according to a report with NCCIC.
Successful exploitation of this vulnerability could crash the device being accessed, resulting in a denial-of-service condition. China Industrial Control Systems Cyber Emergency Response Team (CIC) reported this vulnerability.
SIMATIC S7-300 CPUs: All versions prior to v3.X.16 suffer from the remotely exploitable vulnerability.
The affected CPUs improperly validate S7 communication packets, which could cause a denial-of-service condition of the CPU. The CPU will remain in defect mode until it is manually restarted.
Successful exploitation requires an attacker to send a specially crafted S7 communication packet to a communication interface of the CPU. This includes Ethernet, PROFIBUS, and Multi Point Interfaces (MPI). The vulnerability could allow a denial-of-service condition of the core functionality of the CPU.
CVE-2018-1656 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.5.
The product sees use in the chemical, critical manufacturing, energy, food and agriculture, and water and wastewater systems sectors. It is deployed worldwide.
No known public exploits specifically target this vulnerability. However, an attacker with low skill level could leverage the vulnerability.
Siemens recommends users update to Version 3.X.16.
Siemens has identified the following specific workaround and mitigation users can apply to reduce the risk: operate the devices only within trusted networks.
As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens’ operational guidelines for industrial security and following the recommendations in the product manuals.
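One way to check the "trusted networks only" recommendation against firewall or flow logs, as an added example that is not from Siemens or NCCIC. It assumes S7 communication over Ethernet runs on ISO-on-TCP (TCP port 102); the subnet, CPU addresses and log format are constructed, and PROFIBUS and MPI access is out of its scope.

```python
import csv
import io
import ipaddress

S7_ISO_TSAP_PORT = 102  # ISO-on-TCP (RFC 1006), assumed transport for S7 over Ethernet

# Constructed values: replace with the site's own zones and CPU addresses.
TRUSTED_NETS = [ipaddress.ip_network("10.20.0.0/24")]  # hypothetical control-cell subnet
S7_300_CPUS = {ipaddress.ip_address("10.20.0.11"),
               ipaddress.ip_address("10.20.0.12")}

# Constructed flow records in a hypothetical export format.
SAMPLE_FLOWS = """\
src,dst,proto,dport,action
10.20.0.50,10.20.0.11,tcp,102,allow
192.168.5.7,10.20.0.11,tcp,102,allow
192.168.5.7,10.20.0.12,tcp,102,deny
10.20.0.50,10.20.0.12,tcp,443,allow
203.0.113.9,10.20.0.12,tcp,102,allow
not-an-ip,10.20.0.11,tcp,102,allow
"""

def is_trusted(addr):
    """True when addr falls inside one of the trusted networks."""
    return any(addr in net for net in TRUSTED_NETS)

def untrusted_s7_flows(flow_csv):
    """Return (findings, malformed): permitted S7 flows that reach a listed CPU
    from outside TRUSTED_NETS, and the line numbers that could not be parsed."""
    findings, malformed = [], []
    reader = csv.DictReader(io.StringIO(flow_csv))
    for row in reader:
        try:
            src = ipaddress.ip_address(row["src"])
            dst = ipaddress.ip_address(row["dst"])
            dport = int(row["dport"])
        except (ValueError, TypeError, KeyError):
            malformed.append(reader.line_num)  # keep for manual review, do not drop silently
            continue
        if (row["proto"] == "tcp" and dport == S7_ISO_TSAP_PORT
                and row["action"] == "allow"
                and dst in S7_300_CPUS and not is_trusted(src)):
            findings.append((str(src), str(dst)))
    return findings, malformed

if __name__ == "__main__":
    hits, bad = untrusted_s7_flows(SAMPLE_FLOWS)
    for src, dst in hits:
        print(f"review: {src} -> {dst} tcp/{S7_ISO_TSAP_PORT}")
    print(f"unparsed lines: {bad}")
```

Any finding means a permitted path exists from outside the trusted zone to a CPU's S7 interface, which is the exposure the recommendation is meant to remove.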
For more information on this vulnerability and associated software updates, see Siemens security advisory SSA-306710.