Siemens has fixes available to mitigate an improper restriction of XML external entity reference (XXE) vulnerability in its industrial products that use the Discovery Service of the OPC UA protocol stack from the OPC Foundation, according to a report with ICS-CERT.
Successful exploitation of this remotely exploitable vulnerability, discovered by Sergey Temnikov of Kaspersky Lab, may allow an attacker to access various resources. As with any XXE flaw, it is the XML parser on the target that resolves the external entity and retrieves whatever file or URL the attacker names in the crafted document, so the attacker never needs direct access to that resource.
Siemens said the vulnerability affects the following industrial products, which use the Discovery Service of the OPC UA protocol stack from the OPC Foundation:
• SIMATIC PCS 7:
V7.1 and earlier versions
V8.0: All versions
V8.1: All versions
• SIMATIC WinCC:
V7.0: All versions
V7.2: All versions
V7.3: All versions
V7.4: All versions prior to V7.4 SP1
• SIMATIC WinCC Runtime Professional:
V13: All versions
V14: All versions prior to V14 SP1
• SIMATIC NET PC Software: All versions
• SIMATIC IT Production Suite: All versions
No known public exploits specifically target this vulnerability, but an attacker with a low skill level could leverage it.
By sending specially crafted packets to the OPC Discovery Server on port 4840/TCP, an attacker might cause the system to access resources of the attacker's choosing.
CVE-2017-12069 is the identifier assigned to this vulnerability, which has a CVSS v3 base score of 8.2.
The products are used in the chemical, energy, food and agriculture, and water and wastewater systems sectors, and they are deployed worldwide.
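The weakness class behind this advisory, shown as an added example that is not Siemens' or the OPC Foundation's code and does not use the affected stack (which is not Python): a constructed XXE document whose DOCTYPE declares an external entity pointing at a local file, fed to two configurations of Python's own xml.sax parser. The weak configuration (external general entities enabled, the CWE-611 condition) returns the file's contents as document text; the hardened one (the feature switched off, which Python 3.7.1 and later do by default) yields nothing. The file name, its contents and the element names are all constructed for the example.

```python
import io
import os
import pathlib
import tempfile
import xml.sax
from xml.sax import handler


class TextCollector(handler.ContentHandler):
    """Collects every run of character data the parser reports."""

    def __init__(self):
        super().__init__()
        self._chunks = []

    def characters(self, content):
        self._chunks.append(content)

    def text(self):
        return "".join(self._chunks)


def xxe_payload(target_path):
    """Constructed attacker document: the DOCTYPE declares an external
    entity that names a local file, and the body references it."""
    uri = pathlib.Path(target_path).resolve().as_uri()
    return (
        '<?xml version="1.0"?>\n'
        '<!DOCTYPE probe [\n'
        f'  <!ENTITY xxe SYSTEM "{uri}">\n'
        ']>\n'
        '<probe>&xxe;</probe>\n'
    ).encode()


def extract_text(document, resolve_external_entities):
    """Parse `document` (bytes) and return its character data.

    resolve_external_entities=True is the weak configuration: the parser
    fetches whatever the DOCTYPE names (CWE-611).  False is the hardened
    configuration: the external entity is declared but never resolved.
    Both are set explicitly so the result does not depend on the
    interpreter's default.
    """
    parser = xml.sax.make_parser()
    parser.setFeature(handler.feature_external_ges, resolve_external_entities)
    collector = TextCollector()
    parser.setContentHandler(collector)
    parser.parse(io.BytesIO(document))
    return collector.text()


def run_demo():
    """Stage a throw-away 'secret' file, feed the same payload to both
    configurations, and return what each one leaked."""
    with tempfile.TemporaryDirectory() as tmp:
        secret_path = os.path.join(tmp, "operator.cfg")
        with open(secret_path, "w") as fh:
            fh.write("opc.password=hunter2")  # constructed sample content
        payload = xxe_payload(secret_path)
        return {
            "weak": extract_text(payload, resolve_external_entities=True),
            "hardened": extract_text(payload, resolve_external_entities=False),
        }


if __name__ == "__main__":
    for name, leaked in run_demo().items():
        print(f"{name:9s}: {leaked!r}")
```

The same check applies to any XML consumer you operate in front of port 4840/TCP or elsewhere in the cell: if the parser resolves external entities (or loads DTDs at all) on input from the network, the vendor patch is the fix for the product and disabling entity resolution is the fix for your own code.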
Siemens provides fixes for the following products and recommends that users upgrade to the newest version:
• SIMATIC PCS 7: All versions prior to V9.0: Follow FAQ
• SIMATIC NET PC Software: Follow FAQ to turn off the service after commissioning
Siemens is preparing further updates and recommends the following mitigations in the meantime:
1. Turn off the Discovery Service or block it on the local firewall
2. Apply the cell protection concept
3. Use a VPN to protect network communication between cells
4. Apply defense in depth
Siemens recommends users protect network access with appropriate mechanisms such as firewalls, segmentation, and VPNs. Siemens also advises that users configure the operational environment according to Siemens’ Operational Guidelines for Industrial Security.
For more information on this vulnerability and more detailed mitigation instructions, see Siemens Security Advisory SSA-535640.
The OPC Foundation also published a security bulletin for this vulnerability.