Siemens has firmware updates to fix an improper input validation vulnerability in its industrial products, according to a report with ICS-CERT.

Successful exploitation of this remotely exploitable vulnerability, discovered by George Lashenko of CyberX, may allow a remote attacker to conduct a denial-of-service (DoS) attack.

Siemens Updates Mitigation for KRACK Holes
Siemens Fixes SWT3000 Firmware
Ethicon Endo-Surgery Clears Vulnerability
Siemens has Mitigations for SCALANCE Holes

Siemens said vulnerability affects the following industrial products:
• SIMATIC S7-200 Smart: All versions prior to V2.03.01
• SIMATIC S7-400 PN V6: All versions prior to V6.0.6
• SIMATIC S7-400 H V6: All versions
• SIMATIC S7-400 PN/DP V7: All versions
• SIMATIC S7-410 V8: All versions
• SIMATIC S7-300: All versions
• SIMATIC S7-1200: All versions
• SIMATIC S7-1500: All versions
• SIMATIC S7-1500 Software Controller: All versions
• SIMATIC WinAC RTX 2010 incl. F: All versions
• SIMATIC ET 200 Interface modules for PROFINET IO:
— SIMATIC ET 200AL: All versions
— SIMATIC ET 200ecoPN: All versions
— SIMATIC ET 200M: All versions
— SIMATIC ET 200MP: All versions
— SIMATIC ET 200pro: All versions
— SIMATIC ET 200S: All versions
— SIMATIC ET 200SP: All versions
• Development/Evaluation Kits for PROFINET IO:
— DK Standard Ethernet Controller: All versions
— EK-ERTEC 200P: All versions prior to V4.5
— EK-ERTEC 200 PN IO: All versions
• SIMOTION Firmware:
— SIMOTION D: All versions prior to V5.1 HF1
— SIMOTION C: All versions prior to V5.1 HF1
— SIMOTION P: All versions prior to V5.1 HF1
— SINAMICS DCM: All versions
— SINAMICS DCP: All versions
— SINAMICS G110M / G120(C/P/D) w. PN: All versions prior to V4.7 SP9 HF1
— SINAMICS G130 and G150: All versions
— SINAMICS S110 w. PN: All versions
— SINAMICS S120: All versions
**V4.7: All versions
**V4.8: All versions
— SINAMICS V90 w. PN: All versions
• SINUMERIK 840D sl: All versions
• SIMATIC Compact Field Unit: All versions
• SIMATIC PN/PN Coupler: All versions
• SIMOCODE pro V PROFINET : All versions
• SIRIUS Soft starter 3RW44 PN: All versions

No known public exploits specifically target this vulnerability. However, an attacker with low skill level could leverage the vulnerability.

Schneider Bold

Specially crafted packets sent to Port 161/UDP could cause a denial-of-service condition. The affected devices must be restarted manually.

CVE-2017-12741 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.5.

The products see use in the commercial facilities, critical manufacturing, energy, food and agriculture, and water and wastewater systems sectors. The products also see action on a global basis.

Siemens provided firmware updates for the following products to fix the vulnerability:
• SIMATIC S7-200 Smart: Update to V2.03.01

• SIMATIC S7-400 PN V6: Update to V6.0.6
• EK-ERTEC 200P: Update to V4.5
• SIMOTION D: Update to V5.1 HF1
• SIMOTION C: Update to V5.1 HF1
• SIMOTION P320-4: Update to V5.1 HF1
Please contact a Siemens representative for information on how to obtain the update.
• SINAMICS G110M / G120(C/P/D): Update to V4.7 SP9 HF1

Siemens is preparing further updates and recommends the following mitigations until patches are available:
1. Disable SNMP if this is supported by the product (refer to the product documentation)
2. Disabling SNMP fully mitigates the vulnerability
3. Protect network access to Port 161/UDP of affected devices
4. Apply cell protection concept
5. Use VPN for protecting network communication between cells
6. Apply Defense-in-Depth

Siemens recommends users configure the operational environment according to Siemens’ Operational Guidelines for Industrial Security.

For more information on the vulnerability and more detailed mitigation instructions, see Siemens Security Advisory SSA-346262.

Pin It on Pinterest

Share This