Siemens has a new version available to handle improper input validation vulnerabilities in its SIPROTEC 5 and DIGSI 5, according to a report with NCCIC.

Successful exploitation of these remotely exploitable vulnerabilities, discovered by Pierre Capillon, Nicolas Iooss, and Jean-Baptiste Galet from Agence Nationale de la Sécurité des Systèmes d’Information (ANSSI), could allow a denial-of-service condition and limited control of file upload, download, and delete functions.

The vulnerabilities affect the following SIPROTEC 5 and DIGSI 5 products:
• SIPROTEC 5 (All versions prior to v7.90) with CPU variants CP300 and CP100 and the respective Ethernet communication modules listed below:
6MD85
6MD86
6MD89
7UM85
7SA87
7SD87
7SL87
7VK87
7SA82
7SA86
7SD82
7SD86
7SL82
7SL86
7SJ86
7SK82
7SK85
7SJ82
7SJ85
7UT82
7UT85
7UT86
7UT87
7VE85

• SIPROTEC 5 with CPU variants CP200 and the respective Ethernet communication modules
All versions

• DIGSI 5
All Versions prior to v7.90

In one vulnerability, a remote attacker could use specially crafted packets sent to Port 443/TCP to upload, download, or delete files in certain parts of the file system.

CVE-2019-10930 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.3.

In addition, specially crafted packets sent to Port 443/TCP could cause a denial-of-service condition.

CVE-2019-10931 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.5.

The product sees action mainly in the energy sector on a global basis.

No known public exploits specifically target these vulnerabilities. However, an attacker with low skill level could leverage the vulnerabilities.

Siemens recommends users upgrade to V7.90 where available and apply specific mitigations.

SIPROTEC 5 device types 6MD85, 6MD86, 6MD89, 7UM85, 7SA87, 7SD87, 7SL87, 7VK87, 7SA82, 7SA86, 7SD82, 7SD86, 7SL82, 7SL86, 7SJ86, 7SK82, 7SK85, 7SJ82, 7SJ85, 7UT82, 7UT85, 7UT86, 7UT87 and 7VE85 with CPU variants CP300 and CP100 and the respective Ethernet communication modules:

Update to firmware version V7.90. Search for ‘SIPROTEC 5 – DIGSI Device Drivers V7.90’ on the Siemens Industry Online Support site. Firmware version V7.90 for the communication modules can also be found on each device-specific download page. Applying the update causes the device/module to go through a single restart cycle.

DIGSI 5 engineering software:
Update to DIGSI 5 V7.90 and activate the client authorization feature.

All other SIPROTEC 5 device types with CPU variants CP300, CP200, and CP100 and the respective Ethernet communication modules: Block access to Port 443/TCP e.g. with an external firewall.

For more information on this vulnerability and associated software updates, see Siemens security advisory SSA-899560.
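
The remediation split above can be applied to an asset inventory as a triage step. The following Python sketch is an added example, not code from Siemens or NCCIC; the CSV layout, asset names and the `OTHER-TYPE` placeholder are assumptions, and it reads "all other device types" as anything outside the listed CP300/CP100 types.

```python
import csv
import io
import re

# Device types the article lists for the V7.90 firmware fix (CP300/CP100 only).
FIXED_TYPES = set("""6MD85 6MD86 6MD89 7UM85 7SA87 7SD87 7SL87 7VK87 7SA82 7SA86
7SD82 7SD86 7SL82 7SL86 7SJ86 7SK82 7SK85 7SJ82 7SJ85 7UT82 7UT85 7UT86 7UT87
7VE85""".split())
FIXED = (7, 90)

def is_outdated(version):
    """True if version is below V7.90; unreadable versions fail closed."""
    m = re.fullmatch(r"[vV]?(\d+)\.(\d+)", version.strip())
    return m is None or (int(m.group(1)), int(m.group(2))) < FIXED

def triage(product, dev_type, cpu, version):
    """Map one inventory record to the action the article gives for it."""
    product, dev_type, cpu = product.upper(), dev_type.upper(), cpu.upper()
    if product == "DIGSI 5":
        if is_outdated(version):
            return "UPDATE to DIGSI 5 V7.90, then activate client authorization"
        return "VERIFY client authorization is activated"
    if product != "SIPROTEC 5":
        return "OUT OF SCOPE"
    if dev_type in FIXED_TYPES and cpu in ("CP300", "CP100"):
        return "UPDATE firmware to V7.90" if is_outdated(version) else "NO ACTION"
    # CP200 and every other device type: the article names no fixed version.
    return "BLOCK 443/TCP, e.g. with an external firewall"

# Constructed sample inventory; asset names, column layout and OTHER-TYPE are
# placeholders, not Siemens data.
SAMPLE = """asset,product,type,cpu,version
relay-01,SIPROTEC 5,7SJ85,CP300,V7.82
relay-02,SIPROTEC 5,7SA86,CP100,V7.90
relay-03,SIPROTEC 5,OTHER-TYPE,CP200,V7.50
relay-04,SIPROTEC 5,OTHER-TYPE,CP300,V7.80
eng-ws-1,DIGSI 5,,,V7.80
eng-ws-2,DIGSI 5,,,unknown
"""

def triage_inventory(csv_text):
    """Return (asset, action) pairs for every row of a CSV inventory."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return [(r["asset"], triage(r["product"], r["type"], r["cpu"], r["version"]))
            for r in rows]

if __name__ == "__main__":
    for asset, action in triage_inventory(SAMPLE):
        print(f"{asset:10} {action}")
```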
