26 March 2018

Improper Input Validation vulnerability in Siemens industrial devices

A vulnerability has been identified in a range of Siemens industrial products which could be exploited to cause a denial-of-service condition. After a successful attack the affected device does not recover on its own and must be manually restarted.

The vulnerability affects the following Siemens products:

  • SIMATIC CP 343-1 Advanced: all versions,
  • SIMATIC CP 343-1 Standard: all versions,
  • SIMATIC CP 443-1 Advanced: all versions,
  • SIMATIC CP 443-1 Standard: all versions,
  • SIMATIC S7-1500 Software Controller incl. F: all versions prior to V1.7.0,
  • SIMATIC S7-1500, incl. F: all versions prior to V1.7.0,
  • SIMATIC S7-300, incl. F and T: all versions,
  • SIMATIC S7-400 H V6: all versions,
  • SIMATIC S7-400 PN/DP V6, incl. F: all versions prior to V6.0.7,
  • SIMATIC S7-400 PN/DP V7, incl. F: all versions,
  • SIMATIC S7-410: all versions prior to V8.1,
  • SIMATIC WinAC RTX 2010, incl. F: all versions,
  • SINUMERIK 828D: all versions,
  • SINUMERIK 840D sl: all versions, and
  • Softnet PROFINET IO for PC-based Windows systems: all versions.

The vulnerability, CVE-2018-4843 (Improper Input Validation), allows an attacker to cause a denial-of-service condition on a target system by answering a PROFINET DCP request issued by the target with a specially crafted DCP response packet. DCP itself carries no authentication, so any host that can see the request can reply to it.

The vulnerability has a CVSS v3.0 base score of 5.3. Exploitation requires the attacker to be on the same Ethernet segment as the targeted device: PROFINET DCP is carried directly in Ethernet frames rather than over IP, so crafted DCP packets cannot be routed in from another network.
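As an added illustration (this is not Siemens code and not part of the advisory), the following Python sketch shows two things that follow from the description above: the length checks a DCP consumer must apply to a response before using it, and a passive monitor for the Ethernet segment that flags Identify responses which are malformed or which answer a request nobody sent. The PROFINET DCP frame layout used (EtherType 0x8892, FrameID, DCP header, TLV-style blocks padded to even length) is the public one; the MAC addresses, station name and all sample frames are constructed for the example, and the specific malformations shown are assumptions for illustration, since the advisory does not say what the crafted packet contains.

```python
import struct

ETHERTYPE_PROFINET = 0x8892
DCP_MULTICAST = bytes.fromhex("010ecf000000")   # PROFINET DCP Identify multicast address
FRAME_ID_IDENTIFY_REQ = 0xFEFE
FRAME_ID_IDENTIFY_RSP = 0xFEFF
SERVICE_IDENTIFY = 0x05
TYPE_REQUEST, TYPE_RESPONSE_OK = 0x00, 0x01


class DcpError(ValueError):
    """Raised for any frame whose length fields do not match the bytes received."""


def parse_dcp(frame: bytes) -> dict:
    """Parse Ethernet + PROFINET FrameID + DCP header + DCP blocks.

    Every length field is checked against the bytes actually present before it
    is used; this is the input validation a DCP consumer must not skip."""
    if len(frame) < 26:
        raise DcpError("frame shorter than Ethernet + FrameID + DCP header")
    ethertype, frame_id = struct.unpack("!HH", frame[12:16])
    if ethertype != ETHERTYPE_PROFINET:
        raise DcpError(f"EtherType 0x{ethertype:04x} is not PROFINET")
    service_id, service_type, xid, _delay_or_reserved, data_len = struct.unpack("!BBIHH", frame[16:26])
    body = frame[26:]
    if data_len > len(body):
        raise DcpError(f"DCPDataLength {data_len} exceeds the {len(body)} payload bytes present")
    blocks, pos = [], 0
    while pos < data_len:
        if data_len - pos < 4:
            raise DcpError("truncated DCP block header")
        option, suboption, block_len = struct.unpack("!BBH", body[pos:pos + 4])
        pos += 4
        if block_len > data_len - pos:
            raise DcpError(f"DCPBlockLength {block_len} overruns DCPDataLength")
        blocks.append((option, suboption, body[pos:pos + block_len]))
        pos += block_len + (block_len & 1)          # blocks are padded to an even length
    return {"dst": frame[0:6], "src": frame[6:12], "frame_id": frame_id,
            "service_id": service_id, "service_type": service_type, "xid": xid, "blocks": blocks}


class DcpResponseMonitor:
    """Passive monitor for one Ethernet segment: remembers Identify requests by
    Xid and records an alert for responses that are malformed or unsolicited."""

    def __init__(self):
        self.outstanding = {}    # xid -> MAC of the requester
        self.alerts = []         # (kind, detail)

    def observe(self, frame: bytes) -> None:
        try:
            d = parse_dcp(frame)
        except DcpError as exc:
            self.alerts.append(("malformed", str(exc)))
            return
        if d["frame_id"] == FRAME_ID_IDENTIFY_REQ and d["service_type"] == TYPE_REQUEST:
            self.outstanding[d["xid"]] = d["src"]
        elif d["frame_id"] == FRAME_ID_IDENTIFY_RSP and d["xid"] not in self.outstanding:
            # Several devices legitimately answer one multicast Identify, so the
            # Xid stays known after the first reply; only unknown Xids are flagged.
            self.alerts.append(("unsolicited", f"xid 0x{d['xid']:08x} from {d['src'].hex(':')}"))


def build_dcp(dst, src, frame_id, service_type, xid, blocks=(), body=None, data_len=None):
    """Assemble a DCP frame. `body` and `data_len` override the computed values so
    the constructed sample set can include deliberately inconsistent frames."""
    if body is None:
        body = b""
        for option, suboption, data in blocks:
            body += struct.pack("!BBH", option, suboption, len(data)) + data + (b"\x00" if len(data) & 1 else b"")
    if data_len is None:
        data_len = len(body)
    header = struct.pack("!HHBBIHH", ETHERTYPE_PROFINET, frame_id, SERVICE_IDENTIFY, service_type, xid, 0, data_len)
    return dst + src + header + body


CONTROLLER = bytes.fromhex("001b1b000001")   # constructed MACs, not real devices
DEVICE = bytes.fromhex("001b1b000002")
ROGUE = bytes.fromhex("0a0000000bad")
NAME_BLOCK = (0x02, 0x02, b"\x00\x00plc-1")  # Device/NameOfStation block with 2-byte BlockInfo

SAMPLE_FRAMES = [
    build_dcp(DCP_MULTICAST, CONTROLLER, FRAME_ID_IDENTIFY_REQ, TYPE_REQUEST, 0x1234, [(0xFF, 0xFF, b"")]),
    build_dcp(CONTROLLER, DEVICE, FRAME_ID_IDENTIFY_RSP, TYPE_RESPONSE_OK, 0x1234, [NAME_BLOCK]),
    # answers the real request, but DCPDataLength claims far more data than was sent
    build_dcp(CONTROLLER, ROGUE, FRAME_ID_IDENTIFY_RSP, TYPE_RESPONSE_OK, 0x1234, [NAME_BLOCK], data_len=0x0400),
    # answers the real request with a single block that claims 255 bytes inside a 6-byte payload
    build_dcp(CONTROLLER, ROGUE, FRAME_ID_IDENTIFY_RSP, TYPE_RESPONSE_OK, 0x1234, body=bytes.fromhex("020200ff6162")),
    # response for an Xid that no controller on the segment ever requested
    build_dcp(CONTROLLER, ROGUE, FRAME_ID_IDENTIFY_RSP, TYPE_RESPONSE_OK, 0x9999, [NAME_BLOCK]),
]


def run_sample():
    mon = DcpResponseMonitor()
    for frame in SAMPLE_FRAMES:
        mon.observe(frame)
    return mon.alerts


if __name__ == "__main__":
    for kind, detail in run_sample():
        print(f"{kind:12s} {detail}")
```

The point of the Xid bookkeeping is its limit: a crafted reply to a genuine request carries a valid Xid, so matching alone does not catch the attack described in the advisory. What catches it is refusing to trust the peer's own length fields, which is exactly the validation a vulnerable parser omits.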

Siemens has released updates that close the vulnerability for some of the affected products (the fixed versions are given in the list above where available) and is preparing updates for the remaining devices. Until those are installed, Siemens recommends the following measures to reduce the risk:

  • apply the cell protection concept, so that controllers do not share an Ethernet segment with untrusted hosts;
  • use VPN to protect network communication between cells;
  • apply defense-in-depth.

Source: Siemens