Recently Patched NTP Flaws Affect Siemens RUGGEDCOM Devices

Siemens’ RUGGEDCOM industrial communications devices are plagued by several recently patched network time protocol (NTP) vulnerabilities.

According to advisories published by Siemens and ICS-CERT, the vulnerabilities impact devices running all versions of the ROX I rugged operating system and ROX II versions prior to 2.9.0. Siemens says the devices, which are used in harsh environments such as electric utility substations and traffic control cabinets, could be affected if they are configured to use the NTP daemon from ntp.org for time synchronization.

One of the vulnerabilities, which only affects ROX II-based RUGGEDCOM devices, is an authentication bypass issue (CVE-2015-7871) that can be exploited by an attacker to get the NTP daemon to accept time updates from nonspecified NTP servers by sending specially crafted UDP packets to the service.

Another flaw, described by ICS-CERT as an improper input validation issue (CVE-2015-7855), can be exploited by an attacker to crash the NTP daemon by sending specially crafted UDP packets.

Two other vulnerabilities, which according to Siemens affect only the NTP client, can be leveraged to prevent a device from fetching time updates from its configured time servers (CVE-2015-7704), and under certain circumstances modify the time on a device (CVE-2015-5300).

These security holes were identified by researchers at Cisco, IDA and Boston University.

Siemens has released firmware update 2.9.0 to address the flaws on ROX II devices. This update also patches the TLS vulnerability known as POODLE in ROX II devices.

As a workaround, the vendor recommends using firewalls to block NTP packets from unknown sources, and using NTP time synchronization only in trusted networks.

Users are also advised to ensure that the NTP configuration file contains the “noquery” flag for all nonlocal restrict statements, or deactivate the NTP service altogether if it’s not required.

Siemens has also pointed out that the NTP service is deactivated by default on both RUGGEDCOM ROX I and ROX II devices.

“If NTP is activated by the user, the configuration on ROX II (starting from version 2.6.0) and ROX I (all versions) by default contain the ‘restrict default noquery’ configuration which mitigates vulnerability [CVE-2015-7855]. Any additional restrict commands for non-local addresses should also have the ‘noquery’ flag set,” Siemens said.
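An added example, not from Siemens or the article: a small Python check for the workaround described above, listing restrict statements for non-local addresses that lack the noquery flag. It assumes "non-local" means anything other than a loopback address, and the sample configuration is constructed for illustration.

```python
import ipaddress

# Constructed sample ntp.conf, not taken from a RUGGEDCOM device.
SAMPLE_CONF = """\
# time sources
server 192.0.2.10 iburst
restrict default noquery nomodify notrap
restrict -6 default kod nomodify
restrict 127.0.0.1
restrict ::1
restrict 192.0.2.0 mask 255.255.255.0 nomodify notrap
restrict 198.51.100.7 noquery   # monitoring host
"""

def is_local(address):
    """Assumption: only loopback counts as local; 'default' and hostnames do not."""
    try:
        return ipaddress.ip_address(address).is_loopback
    except ValueError:
        return False

def audit_restrict(conf_text):
    """Return (line_number, line) for non-local restrict lines lacking noquery."""
    findings = []
    for lineno, raw in enumerate(conf_text.splitlines(), start=1):
        tokens = raw.split("#", 1)[0].split()
        if len(tokens) < 2 or tokens[0] != "restrict":
            continue
        args = tokens[1:]
        # Skip the optional address-family selector (-4 / -6).
        if args[0] in ("-4", "-6"):
            args = args[1:]
        if not args:
            continue
        address, flags = args[0], args[1:]
        # Drop "mask <netmask>" so the netmask is not mistaken for a flag.
        if len(flags) >= 2 and flags[0] == "mask":
            flags = flags[2:]
        if is_local(address):
            continue
        # 'ignore' denies all packets, queries included, so it also passes.
        if "noquery" not in flags and "ignore" not in flags:
            findings.append((lineno, raw.strip()))
    return findings

if __name__ == "__main__":
    for lineno, line in audit_restrict(SAMPLE_CONF):
        print(f"line {lineno}: missing noquery: {line}")
```
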

The vulnerabilities affecting Siemens RUGGEDCOM devices were among the dozen security holes patched by the Network Time Foundation’s NTP Project on October 21 with the release of ntp-4.2.8p4.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
