SecurityWeek

Recently Patched NTP Flaws Affect Siemens RUGGEDCOM Devices

Siemens’ RUGGEDCOM industrial communications devices are plagued by several recently patched network time protocol (NTP) vulnerabilities.

According to advisories published by Siemens and ICS-CERT, the vulnerabilities impact devices running all versions of the ROX I rugged operating system and ROX II versions prior to 2.9.0. Siemens says the devices, which are used in harsh environments such as electric utility substations and traffic control cabinets, could be affected if they are configured to use the NTP daemon from ntp.org for time synchronization.

One of the vulnerabilities, which only affects ROX II-based RUGGEDCOM devices, is an authentication bypass issue (CVE-2015-7871) that can be exploited by an attacker to get the NTP daemon to accept time updates from nonspecified NTP servers by sending specially crafted UDP packets to the service.

Another flaw, described by ICS-CERT as an improper input validation issue (CVE-2015-7855), can be exploited by an attacker to crash the NTP daemon by sending specially crafted UDP packets.

Two other vulnerabilities, which according to Siemens affect only the NTP client, can be leveraged to prevent a device from fetching time updates from its configured time servers (CVE-2015-7704), and under certain circumstances modify the time on a device (CVE-2015-5300).

These security holes were identified by researchers at Cisco, IDA and Boston University.

Siemens has released firmware update 2.9.0 to address the flaws on ROX II devices. This update also patches the TLS vulnerability known as POODLE in ROX II devices.

As a workaround, the vendor recommends using firewalls to block NTP packets from unknown sources, and using NTP time synchronization only in trusted networks.

Users are also advised to ensure that the NTP configuration file contains the “noquery” flag for all nonlocal restrict statements, or deactivate the NTP service altogether if it’s not required.

Siemens has also pointed out that the NTP service is deactivated by default on both RUGGEDCOM ROX I and ROX II devices.

“If NTP is activated by the user, the configuration on ROX II (starting from version 2.6.0) and ROX I (all versions) by default contain the ‘restrict default noquery’ configuration which mitigates vulnerability [CVE-2015-7855]. Any additional restrict commands for non-local addresses should also have the ‘noquery’ flag set,” Siemens said.
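The "noquery" recommendation above can be checked automatically against an ntp.conf file. The following Python audit is an added example, not code from Siemens, ICS-CERT or the NTP Project; it assumes that "local" means a loopback address, treats the "ignore" flag as sufficient because it drops all packets, and runs on a constructed sample configuration.

```python
import ipaddress

# Constructed sample ntp.conf, not taken from a real RUGGEDCOM device.
SAMPLE_CONF = """\
# constructed example
restrict default noquery
restrict -6 default kod nomodify notrap
restrict 127.0.0.1
restrict ::1
restrict 192.0.2.0 mask 255.255.255.0 nomodify notrap
restrict 198.51.100.7 nomodify noquery   # trusted server
server 198.51.100.7 iburst
"""

def is_local(address):
    """Assumption: 'local' means a loopback address (127.0.0.0/8 or ::1)."""
    try:
        return ipaddress.ip_address(address).is_loopback
    except ValueError:
        return False  # 'default', 'source' or a hostname: treat as non-local

def restricts_missing_noquery(conf_text):
    """Return (line_number, address) for each non-local restrict without noquery."""
    findings = []
    for lineno, raw in enumerate(conf_text.splitlines(), start=1):
        tokens = raw.split("#", 1)[0].split()  # drop trailing comments
        if not tokens or tokens[0].lower() != "restrict":
            continue
        # -4 / -6 only select the address family of the statement.
        args = [t for t in tokens[1:] if t not in ("-4", "-6")]
        if not args:
            continue
        address, rest = args[0], [a.lower() for a in args[1:]]
        if rest[:1] == ["mask"]:
            rest = rest[2:]  # skip 'mask' and its value
        # 'ignore' drops every packet, so it also blocks ntpq/ntpdc queries.
        if is_local(address) or "noquery" in rest or "ignore" in rest:
            continue
        findings.append((lineno, address))
    return findings

if __name__ == "__main__":
    for lineno, address in restricts_missing_noquery(SAMPLE_CONF):
        print(f"line {lineno}: restrict {address} lacks noquery")
```

On the sample, the IPv6 default entry and the 192.0.2.0 subnet entry are reported; the loopback entries and the statements that already carry "noquery" are not.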

The vulnerabilities affecting Siemens RUGGEDCOM devices were among the dozen security holes patched by the Network Time Foundation’s NTP Project on October 21 with the release of ntp-4.2.8p4.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
