Siemens has a new version available to handle improper input validation vulnerabilities in its SIPROTEC 5 and DIGSI 5, according to a report with NCCIC.
Successful exploitation of these remotely exploitable vulnerabilities, discovered by Pierre Capillon, Nicolas Iooss, and Jean-Baptiste Galet from Agence Nationale de la Sécurité des Systèmes d’Information (ANSSI), could allow a denial-of-service condition and limited control of file upload, download, and delete functions.
The vulnerabilities affect the following SIPROTEC 5 and DIGSI 5 products:
• SIPROTEC 5 (All versions prior to v7.90) with CPU variants CP300 and CP100 and the respective Ethernet communication modules listed below:
• SIPROTEC 5 with CPU variants CP200 and the respective Ethernet communication modules
• DIGSI 5 (All versions prior to v7.90)
In one vulnerability, a remote attacker could use specially crafted packets sent to Port 443/TCP to upload, download, or delete files in certain parts of the file system.
CVE-2019-10930 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.3.
In addition, specially crafted packets sent to Port 443/TCP could cause a denial-of-service condition.
CVE-2019-10931 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.5.
The products are used mainly in the energy sector on a global basis.
No known public exploits specifically target these vulnerabilities. However, an attacker with low skill level could leverage the vulnerabilities.
Siemens recommends users upgrade to V7.90 where available and apply specific mitigations.
SIPROTEC 5 device types 6MD85, 6MD86, 6MD89, 7UM85, 7SA87, 7SD87, 7SL87, 7VK87, 7SA82, 7SA86, 7SD82, 7SD86, 7SL82, 7SL86, 7SJ86, 7SK82, 7SK85, 7SJ82, 7SJ85, 7UT82, 7UT85, 7UT86, 7UT87 and 7VE85 with CPU variants CP300 and CP100 and the respective Ethernet communication modules:
Update to firmware version V7.90. Search for ‘SIPROTEC 5 – DIGSI Device Drivers V7.90’ on the Siemens Industry Online Support site. Firmware version V7.90 for the communication modules can also be found on each device-specific download page. Applying the update causes the device/module to go through a single restart cycle.
DIGSI 5 engineering software:
Update to DIGSI 5 V7.90 and activate the client authorization feature.
All other SIPROTEC 5 device types with CPU variants CP300, CP200, and CP100 and the respective Ethernet communication modules: Block access to Port 443/TCP e.g. with an external firewall.
For more information on this vulnerability and associated software updates, see Siemens security advisory SSA-899560.
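The following is an added example, not code from Siemens or NCCIC: a Python triage function that maps asset-inventory records to the remediation steps listed above. The record fields, the sample inventory and the action labels are assumptions; CP300/CP100 devices at or above V7.90 are treated as fixed, and CP200 or unlisted device types always get the firewall mitigation.

```python
import re

# Device types the page lists as having a V7.90 firmware fix (CP300/CP100 only).
FIXED_TYPES = set(
    "6MD85 6MD86 6MD89 7UM85 7SA87 7SD87 7SL87 7VK87 7SA82 7SA86 7SD82 7SD86 "
    "7SL82 7SL86 7SJ86 7SK82 7SK85 7SJ82 7SJ85 7UT82 7UT85 7UT86 7UT87 7VE85".split()
)
FIXED = (7, 90)

def parse_version(text):
    """Parse 'V7.90' / 'v07.90' into (7, 90); None if not major.two-digit-minor."""
    m = re.fullmatch(r"\s*[vV]?(\d+)\.(\d{2})\s*", text or "")
    return (int(m.group(1)), int(m.group(2))) if m else None

def triage(asset):
    """Map one inventory record (hypothetical schema) to the page's remediation."""
    ver = parse_version(asset.get("version"))
    if ver is None:
        # Fail safe: an unreadable version is never assumed to be patched.
        return "REVIEW: version unreadable, treat as affected"
    if asset["product"] == "DIGSI 5":
        if ver < FIXED:
            return "UPDATE: DIGSI 5 V7.90, then activate client authorization"
        return "VERIFY: client authorization is activated"
    cpu, dtype = asset["cpu"].upper(), asset["device_type"].upper()
    if cpu in ("CP300", "CP100"):
        if ver >= FIXED:
            return "OK: at or above V7.90"
        if dtype in FIXED_TYPES:
            return "UPDATE: firmware V7.90 (single restart cycle)"
    # CP200, or a device type without a listed fix: network mitigation only.
    return "BLOCK: 443/TCP at an external firewall"

# Constructed sample inventory, not real assets; "9ZZ99" is a made-up type.
INVENTORY = [
    {"product": "SIPROTEC 5", "device_type": "7SJ85", "cpu": "CP300", "version": "V7.80"},
    {"product": "SIPROTEC 5", "device_type": "7SJ85", "cpu": "CP300", "version": "V7.90"},
    {"product": "SIPROTEC 5", "device_type": "7SJ85", "cpu": "CP200", "version": "V7.59"},
    {"product": "SIPROTEC 5", "device_type": "9ZZ99", "cpu": "CP300", "version": "V7.80"},
    {"product": "DIGSI 5", "version": "7.9"},
]

if __name__ == "__main__":
    for asset in INVENTORY:
        print(asset.get("device_type", asset["product"]), "->", triage(asset))
```

Version strings that do not match the two-digit minor form (for example `7.9`) are sent to manual review rather than compared, so a misread version cannot mark a device as patched.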