
Siemens has a fix for multiple vulnerabilities in its SIMATIC RF6XXR, according to a report from Siemens ProductCERT.

The fixes address outdated TLS versions that the product still supports.


The vulnerabilities, discovered by Wendy Parrington from United Utilities, affect:
• SIMATIC RF615R, all versions before V3.2.1, remediation is to update to V3.2.1
• SIMATIC RF68XR, all versions before V3.2.1, remediation is to update to V3.2.1

SIMATIC RF600 readers are used for the contactless identification of all kinds of objects, e.g. transport containers, pallets, or production goods, and can generally be used for recording goods in bulk.


In one vulnerability, the SSL protocol encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses e.g. the HTML5 WebSocket API, the Java URLConnection API, or the Silverlight WebClient API, aka a “BEAST” attack.

The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise confidentiality of the device.

The vulnerability has a case number of CVE-2011-3389 and has a CVSS v3.0 Base Score of 5.9.

In addition, TLS, when used with a 64-bit block cipher, could allow remote attackers to obtain cleartext data by leveraging a birthday attack against a long-duration encrypted session, aka a “Sweet32” attack.

The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise confidentiality of the device.

The vulnerability has a case number of CVE-2016-6329 and it has a CVSS v3.0 Base Score of 5.9.

Also, TLS and DTLS versions 1.1 and 1.2, as used in the affected product, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the “Lucky Thirteen” issue.

The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise confidentiality of the device.

The vulnerability has a case number of CVE-2013-0169 and a CVSS v3.0 Base Score of 5.9.

Siemens identified the following specific workarounds and mitigations: Restrict network access to the device to the extent possible.

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens’ operational guidelines for Industrial Security and following the recommendations in the product manuals.
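As an added illustration (not code from Siemens or from the advisory), the following Python script classifies OpenSSL-named cipher suites by the three preconditions described above (a 64-bit block cipher for Sweet32, a CBC suite for BEAST and Lucky Thirteen) and contrasts a permissive TLS client context with a TLS 1.2-and-up, AEAD-only context that removes all three. The function names and the cipher-string choices are my own assumptions.

```python
import ssl

# Cipher families with a 64-bit block size: DES/3DES (OpenSSL spells 3DES
# "DES-CBC3"), IDEA, RC2 and Blowfish. Long sessions under these are the
# Sweet32 birthday-attack condition.
SMALL_BLOCK_MARKERS = ("DES", "IDEA", "RC2", "BF-")
# Stream and null ciphers are not CBC; every other non-AEAD suite is CBC.
NON_CBC_MARKERS = ("RC4", "NULL", "CHACHA20")

def classify_suite(name: str, aead: bool) -> list[str]:
    """Return the issue tags that apply to one OpenSSL-named cipher suite."""
    issues = []
    upper = name.upper()
    if any(m in upper for m in SMALL_BLOCK_MARKERS):
        issues.append("Sweet32")
    # A CBC suite is the precondition for BEAST (TLS 1.0) and for the
    # Lucky Thirteen padding-timing attack (TLS 1.1/1.2); AEAD suites have neither.
    if not aead and not any(m in upper for m in NON_CBC_MARKERS):
        issues.append("BEAST/Lucky13")
    return issues

def audit_context(ctx: ssl.SSLContext) -> dict[str, list[str]]:
    """Map every offered suite that carries one of the issues to its tags."""
    flagged = {}
    for suite in ctx.get_ciphers():  # dicts with 'name' and 'aead' keys
        issues = classify_suite(suite["name"], suite["aead"])
        if issues:
            flagged[suite["name"]] = issues
    return flagged

def legacy_context() -> ssl.SSLContext:
    """Everything the library will still negotiate (constructed weak setting)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers("ALL:@SECLEVEL=0")
    return ctx

def hardened_context() -> ssl.SSLContext:
    """TLS 1.2+ and AEAD suites only: none of the three preconditions remain."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")
    return ctx

if __name__ == "__main__":
    for label, ctx in (("legacy", legacy_context()), ("hardened", hardened_context())):
        flagged = audit_context(ctx)
        print(f"{label}: {len(ctx.get_ciphers())} suites offered, {len(flagged)} flagged")
        for name, issues in sorted(flagged.items()):
            print(f"  {name}: {', '.join(issues)}")
```

The same `classify_suite` logic can be run over the cipher list a scanner reports for a reader's HTTPS interface to confirm that a firmware update or a restricted configuration actually removed the flagged suites.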

