03 April 2018

DoS vulnerability in Siemens SIMATIC products

An Improper Input Validation vulnerability has been identified in Siemens SIMATIC industrial automation products. The vulnerability can be exploited by a remote attacker to cause a denial-of-service condition on remote and local communication functionality of the affected products, requiring a system reboot to recover.

According to a security advisory published by Siemens, the vulnerability affects the following products:

  • SIMATIC PCS 7 distributed control system, including SIMATIC Batch, SIMATIC Route Control, and OpenPCS7;
  • SIMATIC WinCC SCADA system and engineering software;
  • SIMATIC WinCC Runtime Professional software visualization system;
  • SIMATIC NET PC Software.

A CVSS v3.0 base score of 7.5 has been calculated for the security flaw, which has been assigned the ID CVE-2018-4832. The vulnerability allows an attacker to cause a denial-of-service condition on the products' communication functionality by sending specially crafted messages to the RPC service of the affected products.

The vulnerability was identified by an independent researcher and reported to the vendor in a coordinated disclosure organized by Kaspersky Lab ICS CERT experts.

Updates that close the vulnerability for some of the affected products have been made available on the Siemens website. The company is developing patches for the remaining products. Until the relevant updates are installed, Siemens recommends that users take the following measures:

  • ensure that SIMATIC WinCC, SIMATIC WinCC Runtime Professional and SIMATIC PCS 7 stations communicate via encrypted channels;
  • apply the cell protection concept;
  • use a VPN to protect network communication between cells;
  • apply a Defense-in-Depth approach.

Sources: ICS-CERT, Siemens