Siemens released updates to mitigate an improper input validation vulnerability in its SIMATIC S7-400 CPU, according to a report from NCCIC.
Successful exploitation of this remotely exploitable vulnerability, which Siemens self-reported, could cause a denial-of-service condition of the CPU. The CPU will remain in DEFECT mode until a manual restart is performed.
The following versions of SIMATIC S7-400, a CPU used for process controls, suffer from the issue:
• SIMATIC S7-400 (incl. F) CPU all hardware versions prior to, including, hardware V4.0
• SIMATIC S7-400 (incl. F) CPU hardware V5.0 with firmware versions prior to V5.2
• SIMATIC S7-400H CPU all hardware versions prior to V4.5
The affected CPUs improperly validate S7 communication packets, which could cause a denial-of-service condition of the CPU. The CPU will remain in DEFECT mode until a manual restart is performed.
Successful exploitation requires an attacker to be able to send a specially crafted S7 communication packet to a communication interface of the CPU. This includes Ethernet, PROFIBUS, and multi-point interfaces (MPI). No user interaction or privileges are required to exploit the vulnerability. It could cause a denial-of-service condition in the core functionality of the CPU, compromising the availability of the system.
CVE-2018-4850 is the identifier assigned to this vulnerability, which has a CVSS v3 base score of 7.5.
The product is used mainly in the chemical, critical manufacturing, energy, food and agriculture, and water and wastewater systems sectors, and is deployed globally.
No known public exploits specifically target this vulnerability. However, an attacker with a low skill level could exploit the issue.
Siemens released updates for several affected products and recommends that users update to the fixed versions:
• SIMATIC S7-400 (incl. F) CPU all hardware versions prior to, and including, hardware V4.0: Upgrade to hardware V5.0 or newer.
• SIMATIC S7-400 (incl. F) CPU hardware V5.0 with firmware versions prior to V5.2: Update to firmware V5.2 or newer.
• SIMATIC S7-400H CPU all hardware versions prior to V4.5: Upgrade to hardware V6.0 or newer.
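The affected-version list above mixes inclusive and exclusive bounds and, for the V5.0 hardware, depends on firmware rather than hardware. The following script is an added example (not Siemens' or NCCIC's code) that encodes those three conditions so an asset inventory can be triaged for CVE-2018-4850; the inventory records, hostnames, and the "firmware unknown" handling are constructed assumptions, and only the versions the advisory names are flagged.

```python
"""Triage an asset inventory against the CVE-2018-4850 affected-version list."""
from typing import List, Optional, Tuple


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn 'V5.2' or '4' into a comparable tuple, padding to (major, minor)."""
    parts = v.strip().upper().lstrip("V").split(".")
    nums = tuple(int(p) for p in parts)
    return nums + (0,) * (2 - len(nums))


def assess(product: str, hw_version: str, fw_version: Optional[str] = None) -> Optional[str]:
    """Return the advisory's remediation if the CPU is affected, else None."""
    hw = parse_version(hw_version)
    if product == "S7-400H":
        # Affected: all hardware versions prior to V4.5 (exclusive bound).
        return "Upgrade to hardware V6.0 or newer" if hw < (4, 5) else None
    if product in ("S7-400", "S7-400F"):
        # Affected: hardware up to and including V4.0 (inclusive bound).
        if hw <= (4, 0):
            return "Upgrade to hardware V5.0 or newer"
        # Affected: hardware V5.0 only when firmware is older than V5.2.
        if hw == (5, 0):
            if fw_version is None:
                # Assumption: an unknown firmware level is flagged for verification.
                return "Firmware version unknown; verify it is V5.2 or newer"
            if parse_version(fw_version) < (5, 2):
                return "Update to firmware V5.2 or newer"
        return None
    raise ValueError(f"unknown product family: {product}")


# Constructed sample inventory (not real assets).
INVENTORY = [
    {"host": "plc-01", "product": "S7-400", "hw": "V4.0"},
    {"host": "plc-02", "product": "S7-400F", "hw": "V5.0", "fw": "V5.1"},
    {"host": "plc-03", "product": "S7-400", "hw": "V5.0", "fw": "V5.2"},
    {"host": "plc-04", "product": "S7-400H", "hw": "V4.5"},
    {"host": "plc-05", "product": "S7-400H", "hw": "V3.0"},
]


def triage(inventory: List[dict]) -> List[Tuple[str, str]]:
    """Return (host, remediation) pairs for every affected CPU in the inventory."""
    findings = []
    for asset in inventory:
        action = assess(asset["product"], asset["hw"], asset.get("fw"))
        if action:
            findings.append((asset["host"], action))
    return findings


if __name__ == "__main__":
    for host, action in triage(INVENTORY):
        print(f"{host}: {action}")
```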
As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. In order to run the devices in a protected IT environment, Siemens recommends users configure the environment according to Siemens’ Operational Guidelines for Industrial Security and follow the recommendations in the product manuals.
For more information on this vulnerability and associated software updates, see Siemens security advisory SSA-914382.