Your one-stop web resource providing safety and security information to manufacturers

Siemens has a new version to handle an uncontrolled resource consumption vulnerability in its SIMOCODE pro V EIP, according to a report with NCCIC.

Successful exploitation of this remotely exploitable vulnerability, which Siemens self-reported, could cause a denial-of-service condition.

RELATED STORIES
Siemens Fixes Spectrum Power 4.7 Hole
Siemens Fixes SINEMA Remote Connect Holes
Siemens Updates RUGGEDCOM ROX II Firmware
Fix is in for Out-of-Bounds Hole in Siemens Lines

A motor management system for low-voltage motors, SIMOCODE pro V EIP all versions prior to v1.0.2 suffer from the issue.

In the vulnerability, specially crafted packets sent to Port 161/UDP could cause a denial-of-service condition. The affected devices must be restarted manually.

Cyber Security

CVE-2017-12741 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.5.

The product sees use in the chemical, critical manufacturing, energy, food and agriculture, and water and wastewater systems sectors. It also sees action on a global basis.

Siemens recommends users upgrade to Version 1.0.2. Users who cannot upgrade because of hardware restrictions can apply the manual mitigations. Click here for updates.

Siemens also recommends users apply the following manual mitigations:

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens’ operational guidelines for Industrial Security and following the recommendations in the product manuals.

Click here for additional information on industrial security for Siemens devices.

For more information on this vulnerability and more detailed mitigation instructions, see Siemens Security Advisory SSA-141614.

No known public exploits specifically target this vulnerability. However, an attacker with low skill level could leverage the vulnerability.

Pin It on Pinterest

Share This