Siemens has a new version that fixes an unprotected storage of credentials hole in its SIMATIC STEP 7 (TIA Portal), according to a report from NCCIC.
Successful exploitation of this vulnerability, which Siemens self-reported, could allow an attacker to reconstruct passwords.
SIMATIC STEP 7 (TIA Portal): All versions prior to 15.1 suffer from the issue.
In the vulnerability, password hashes computed with insufficient computational effort could allow an attacker with access to a project file to reconstruct passwords. This vulnerability could allow the attacker to obtain certain passwords from the project.
CVE-2018-13811 has been assigned to this vulnerability, which has a CVSS v3 base score of 4.0.
The product sees use in the chemical, critical manufacturing, energy, food and agriculture, and water and wastewater systems sectors. It is also used worldwide.
An attacker with low skill level could leverage the vulnerability.
Siemens recommends users update to Version 15.1.
Siemens identified the following specific workarounds and mitigations users can apply to reduce the risk:
• Restrict network access to the engineering station and project storage to trusted sources
• Restrict access to project files on the engineering station and project storage to trusted users
As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens’ operational guidelines for industrial security, and following the recommendations in the product manuals.
For more information on this vulnerability and associated software updates, please see Siemens security advisory SSA-621493.