07 September 2017

Closing an XXE Vulnerability in Siemens Industrial Solutions

US ICS-CERT has published an advisory on fixes for a vulnerability in Siemens industrial products that use the Discovery Service of the OPC UA protocol stack.

The vulnerability, an XML External Entity (XXE) injection flaw, was discovered in early 2017 by a Kaspersky Lab researcher and registered as CVE-2017-12069. An attacker with network access to the OPC Discovery Server on port 4840/TCP can exploit it by sending specially crafted requests, gaining remote access to system resources; in the classic XXE pattern this means the parser fetches content referenced by an attacker-declared external entity (for example, files readable by the service process) and folds it into the processed document.
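
To make the vulnerability class concrete, here is an added illustration using Python's standard-library SAX parser; it is not code from the advisory, from Siemens, or from any OPC UA stack. The `DiscoveryRequest` and `EndpointUrl` element names, the secret file and the payload are constructed for the example and do not reflect the real OPC UA discovery wire format. `parse_vulnerable` turns on resolution of external general entities (the behaviour Python's SAX parser had by default before 3.7.1), so a `SYSTEM` entity pulls a local file into the parsed document; `parse_hardened` refuses any DOCTYPE and never resolves external entities, which is the standard fix for XXE.

```python
import io
import os
import pathlib
import tempfile
import xml.sax
from xml.sax import handler


class XMLSecurityError(Exception):
    """Raised by the hardened parser when it refuses a dangerous construct."""


class TextCollector(handler.ContentHandler):
    """Collects the document's character data (the value the server would use)."""

    def __init__(self):
        super().__init__()
        self.parts = []

    def characters(self, content):
        self.parts.append(content)

    def skippedEntity(self, name):
        # Reached only when an entity was not (allowed to be) expanded: fail closed.
        raise XMLSecurityError(f"entity reference refused: {name}")


class RejectDoctype:
    """Lexical handler whose only job is to abort on any DOCTYPE, which is
    where an attacker declares the external entity."""

    def startDTD(self, name, public_id, system_id):
        raise XMLSecurityError("DOCTYPE declarations are not accepted")

    def endDTD(self):
        pass

    def startCDATA(self):
        pass

    def endCDATA(self):
        pass

    def comment(self, content):
        pass


def parse_vulnerable(data: bytes) -> str:
    """XXE-prone configuration: external general entities are resolved, so a
    SYSTEM entity pointing at a file or URL is fetched and inlined."""
    collector = TextCollector()
    parser = xml.sax.make_parser()
    parser.setContentHandler(collector)
    parser.setFeature(handler.feature_external_ges, True)
    parser.parse(io.BytesIO(data))
    return "".join(collector.parts)


def parse_hardened(data: bytes) -> str:
    """Fixed configuration: no external entity resolution and no DOCTYPE at all."""
    collector = TextCollector()
    parser = xml.sax.make_parser()
    parser.setContentHandler(collector)
    parser.setFeature(handler.feature_external_ges, False)
    parser.setFeature(handler.feature_external_pes, False)
    parser.setProperty(handler.property_lexical_handler, RejectDoctype())
    parser.parse(io.BytesIO(data))
    return "".join(collector.parts)


def xxe_payload(file_uri: str) -> bytes:
    """Constructed malicious request; element names are invented for this
    example and are not the real OPC UA discovery message format."""
    return (
        '<?xml version="1.0"?>\n'
        f'<!DOCTYPE DiscoveryRequest [<!ENTITY xxe SYSTEM "{file_uri}">]>\n'
        "<DiscoveryRequest><EndpointUrl>&xxe;</EndpointUrl></DiscoveryRequest>\n"
    ).encode()


# Constructed benign request, to show the hardened parser still accepts normal input.
BENIGN_REQUEST = (
    "<DiscoveryRequest><EndpointUrl>opc.tcp://plc-01:4840</EndpointUrl></DiscoveryRequest>"
).encode()


def demo() -> dict:
    """Runs both parsers against the payload and the benign request and returns
    what leaked, whether the hardened parser blocked the attack, and the benign result."""
    # Constructed stand-in for a sensitive file readable by the service process.
    with tempfile.NamedTemporaryFile("w", suffix=".txt", delete=False) as f:
        f.write("db_password=hunter2")
        secret_path = f.name
    try:
        payload = xxe_payload(pathlib.Path(secret_path).as_uri())
        leaked = parse_vulnerable(payload)
        try:
            parse_hardened(payload)
            blocked = False
        except XMLSecurityError:
            blocked = True
        benign = parse_hardened(BENIGN_REQUEST)
    finally:
        os.unlink(secret_path)
    return {"leaked": leaked, "blocked": blocked, "benign": benign}


if __name__ == "__main__":
    print(demo())
```

The vulnerable parser returns the secret file's contents as if they had been typed into the request, which is exactly the resource access the advisory describes; the hardened parser raises before the entity is ever looked up. Rejecting the DOCTYPE outright is preferable to only disabling external entities, because it also removes internal-entity expansion attacks against the same parser.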

Siemens reports that the vulnerability affects the following SIMATIC industrial automation products:

  • SIMATIC PCS 7 distributed control system;
  • SIMATIC WinCC SCADA system;
  • SIMATIC WinCC Runtime Professional HMI;
  • SIMATIC NET PC Software, a networking solution;
  • SIMATIC IT Production Suite, a software platform.

Siemens is currently working to close the vulnerability and develop security updates for the products listed above. Some of the updates have already been provided to customers for installation.

Until the security updates are installed, Siemens recommends reducing exposure by disabling the Discovery Service or blocking access to port 4840/TCP on the local firewall, and by protecting network access with network segmentation and VPN.