Your one-stop web resource providing safety and security information to manufacturers

Siemens developed mitigations for a Denial-of-Service (DoS) vulnerability in its SIMATIC S7-300 CPUs, according to a report on ICS-CERT.

Johannes Klick, Christian Pfahl, Martin Gebert, and Lucas Jacob from Freie Universität Berlin’s work team SCADACS discovered the remotely exploitable vulnerability.

Siemens Fixes SPC Controller DoS
Siemens Updates Search Path Hole
Siemens Working out GHOST Vulnerability
Schneider Fixes Buffer Overflow

All versions of the SIMATIC S7-300 CPU family suffer from the issue.

This vulnerability could allow attackers to perform a DoS attack over the network without prior authentication against S7-300 CPUs under certain conditions. The user would have to conduct a cold restart to recover the system.

Schneider Bold

Siemens is a multinational company headquartered in Munich, Germany.

The affected product, SIMATIC S7-300 CPU, is for process control in industrial environments. This product works across several sectors including chemical, energy, food and agriculture, and water and wastewater systems. Siemens said these products see use primarily in the United States and Europe with a small percentage in Asia.

Specially crafted packets sent to Port 102/TCP (ISO-TSAP) or via Profibus could cause the affected device to go into defect mode. A cold restart is mandatory to recover the system.

CVE-2015-2177 is the case number assigned to this vulnerability, which has a CVSS v2 base score of 7.8.

No known public exploits specifically target this vulnerability. Crafting a working exploit for this vulnerability would be difficult.

Siemens recommends the following mitigations:
• Apply protection-level 3 (Read/Write protection)
• Apply cell protection concept
• Use VPN for protecting network communication between cells
• Apply Defense-in-Depth

For more information on these vulnerabilities and detailed instructions, please see Siemens Security Advisory SSA-987029.

Pin It on Pinterest

Share This