Siemens has an update to mitigate information exposure, out-of-bounds write, and heap-based buffer overflow vulnerabilities in its WibuKey Digital Rights Management (DRM) used with SICAM 230, according to a report with NCCIC.
Successful exploitation of these vulnerabilities, which Siemens self-reported, may allow information disclosure, privilege escalation, or remote code execution.
All versions 7.20 and prior of the Siemens SICAM 230 process control system are affected by the remotely exploitable vulnerabilities in WibuKey Digital Rights Management.
In one vulnerability, a specially crafted IRP (I/O request packet) can cause the driver to return uninitialized memory, which may result in kernel memory disclosure.
CVE-2018-3989 is the identifier assigned to this vulnerability, which has a CVSS v3 base score of 4.3.
In addition, a specially crafted IRP (I/O request packet) can cause a buffer overflow, resulting in kernel memory corruption, which may allow privilege escalation.
CVE-2018-3990 is the identifier assigned to this vulnerability, which has a CVSS v3 base score of 9.3.
Also, a specially crafted TCP packet sent to Port 22347/TCP can cause a heap overflow, which may lead to remote code execution.
CVE-2018-3991 is the identifier assigned to this vulnerability, which has a CVSS v3 base score of 10.0.
The product is used mainly in the energy sector and is deployed worldwide.
No known public exploits specifically target these vulnerabilities. However, an attacker with a low skill level could exploit them.
Siemens recommends users upgrade to WibuKey Digital Rights Management (DRM) Version 6.50 or higher from WIBU SYSTEMS AG.
Siemens has identified the following specific workaround users can apply to reduce the risk: CVE-2018-3991 can be mitigated by blocking Port 22347/TCP, e.g., on an external firewall. Note that this workaround addresses only the network-facing heap overflow; the two IRP-based driver vulnerabilities remain until WibuKey is upgraded.
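The following is an added triage helper, not code from Siemens, WIBU SYSTEMS or the advisory. It encodes the advisory's stated facts (fixed in WibuKey 6.50 or higher, SICAM 230 versions 7.20 and prior affected, CVE-2018-3991 reachable over Port 22347/TCP) to show which of the three CVEs remain open on a host once the firewall workaround is applied, and why the upgrade is still required. Host names, the inventory layout and the `Host`/`Finding` types are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import List

# Figures taken from the advisory summary above.
WIBUKEY_FIXED_VERSION = (6, 50)       # WibuKey DRM 6.50 or higher contains the fix
SICAM230_LAST_AFFECTED = (7, 20)      # SICAM 230 versions 7.20 and prior are listed as affected
WIBUKEY_NETWORK_PORT = 22347          # Port 22347/TCP, the vector for CVE-2018-3991

# The two IRP-based driver issues are reachable locally; the firewall workaround
# only addresses the network-facing heap overflow.
LOCAL_DRIVER_CVES = ["CVE-2018-3989", "CVE-2018-3990"]
NETWORK_CVE = "CVE-2018-3991"


def parse_version(version: str) -> tuple:
    """Turn 'major.minor' (e.g. '6.50', '7.20') into a comparable int tuple.

    Assumption: the two-digit minor notation used by the advisory, so '6.50' > '6.49'.
    """
    major, minor = version.strip().split(".")[:2]
    return (int(major), int(minor))


def sicam_in_affected_range(sicam_version: str) -> bool:
    """True when the SICAM 230 version is within the range the advisory lists (7.20 and prior)."""
    return parse_version(sicam_version) <= SICAM230_LAST_AFFECTED


@dataclass
class Host:
    name: str                   # hypothetical inventory label
    wibukey_version: str        # installed WibuKey DRM version
    port_22347_exposed: bool    # True if Port 22347/TCP is reachable from outside the perimeter


@dataclass
class Finding:
    host: str
    open_cves: List[str] = field(default_factory=list)
    mitigated_cves: List[str] = field(default_factory=list)
    actions: List[str] = field(default_factory=list)


def triage(host: Host) -> Finding:
    """Classify which of the three CVEs remain open on a host and what to do about them."""
    finding = Finding(host=host.name)
    if parse_version(host.wibukey_version) >= WIBUKEY_FIXED_VERSION:
        return finding  # fixed release installed: nothing open
    # Vulnerable WibuKey build: the driver issues are open regardless of firewalling.
    finding.open_cves.extend(LOCAL_DRIVER_CVES)
    if host.port_22347_exposed:
        finding.open_cves.append(NETWORK_CVE)
        finding.actions.append(f"block {WIBUKEY_NETWORK_PORT}/TCP on the external firewall")
    else:
        finding.mitigated_cves.append(NETWORK_CVE)
    finding.actions.append("upgrade WibuKey DRM to 6.50 or higher")
    return finding


def triage_inventory(hosts: List[Host]) -> List[Finding]:
    """Run triage over an inventory, returning only hosts with something still open."""
    return [f for f in (triage(h) for h in hosts) if f.open_cves]


# Constructed sample inventory (not real hosts).
SAMPLE_HOSTS = [
    Host("hmi-01", "6.40", port_22347_exposed=True),
    Host("hmi-02", "6.40", port_22347_exposed=False),
    Host("hmi-03", "6.50", port_22347_exposed=True),
]

if __name__ == "__main__":
    for f in triage_inventory(SAMPLE_HOSTS):
        print(f.host, "open:", f.open_cves, "mitigated:", f.mitigated_cves, "actions:", f.actions)
```

Running it against the sample inventory reports hmi-01 with all three CVEs open, hmi-02 with only the two driver CVEs open (the port block mitigates CVE-2018-3991), and nothing for hmi-03, which already runs the fixed release.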
Siemens recommends applying the provided security updates using the corresponding tooling and documented procedures made available with the product. If supported by the product, an automated means to apply the security updates across multiple product instances may be used. Siemens recommends prior validation of any security update before being applied, and supervision by trained staff of the update process in the target environment.
As a general security measure, Siemens recommends protecting network access with appropriate mechanisms (e.g., firewalls, segmentation, VPN). Users are advised to configure the environment according to Siemens operational guidelines in order to run the devices in a protected IT environment.
For additional information see Siemens’ security advisory SSA-760124.