Siemens has a firmware upgrade to fix a missing authentication for critical function in its TIM 1531 IRC, according to a report with NCCIC.
Successful exploitation of this remotely exploitable vulnerability, which Siemens self-reported, could allow an attacker to perform arbitrary administrative operations.
A communication module for SIMATIC S7-1500, S7-400, and S7-300 with SINAUT ST7, TIM 1531 IRC all versions prior to 2.0 suffer from the vulnerability.
In one vulnerability, when authentication is configured it is missing on Port 102/TCP, which could allow an attacker to perform arbitrary administrative operations.
CVE-2018-13816 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 10.0.
The product sees use in the chemical, critical manufacturing, energy, food and agriculture, and the water and wastewater systems sectors. The product sees action on a global basis.
No known public exploits specifically target this vulnerability. However, an attacker with low skill level could leverage the vulnerability.
Siemens recommends upgrading to firmware v2.0.
Siemens has identified the following specific workarounds and mitigations users can apply to reduce the risk:
• Restrict access to Port 102/TCP on TIM 1531 IRC to trusted IP addresses
• Update firmware to version v2.0 (and reload the TIM station from engineering)
For additional information see Siemens’ security advisory SSA-982399.
As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens’ operational guidelines for industrial security and following the recommendations in the product manuals.
Click here for additional information on Industrial Security by Siemens.