Siemens has a new version available to mitigate a user of hard-coded cryptographic key vulnerability in its SIMATIC IT Unified Architecture Discrete Manufacturing (UADM), according to a report with CISA.
Successful exploitation of this remotely exploitable vulnerability, which Siemens self-reported, could allow an attacker to gain read and write access to the related TeamCenter station.
A part of the SIMATIC IT manufacturing execution system, SIMATIC IT UADM: All versions prior to 1.3 suffer from the issue. In the vulnerability, an authenticated remote attacker could recover a password over Port 1434/TCP, which may be used to gain read/write access to the related TeamCenter station.
CVE-2019-13929 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 6.8.
The product sees use mainly in the critical manufacturing sector. It does see action, however, on a global basis.
No known public exploits specifically target this vulnerability. However, an attacker with low skill level could leverage the vulnerability.
Siemens recommends users update to Version 1.3, which can be obtained from a Siemens account manager.
In addition, Siemens identified the following specific workarounds and mitigations users can apply to reduce the risk:
• Protect network access to Port 1434/TCP of machines running SIMATIC IT UADM software
• Apply cell protection concept and implement defense-in-depth
As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens’ operational guidelines for Industrial Security, and following the recommendations in the product manuals.
Click here for additional information on Industrial Security by Siemens.
For more information on this vulnerability and more detailed mitigation instructions, please see Siemens security advisory SSA-984700.