Siemens has released firmware updates to address various security holes affecting some SCALANCE industrial switches and SIMATIC controllers.
SCALANCE switch vulnerabilities
According to advisories published by both ICS-CERT and Siemens, products of the SCALANCE X-300 switch family and the SCALANCE X408 running firmware versions prior to 4.0 are affected by two denial-of-service (DoS) vulnerabilities discovered and reported by Seattle, Washington-based Deja vu Security.
SCALANCE switches are used to connect industrial components such as human-machine interfaces (HMI) and programmable logic controllers (PLC). The devices are deployed all over the world in a wide range of industries, including chemical, communications, dams, critical manufacturing, energy, defense industrial base, and government facilities.
The first vulnerability affects the web server found in SCALANCE switches. The flaw can be exploited by an unauthenticated attacker to cause the device to reboot by sending malformed HTTP requests to the server on port 80/TCP or port 443/TCP. However, for the attack to work, the attacker needs to be able to reach the HTTP interface over the network, ICS-CERT said in its advisory.
The bug has been assigned the CVE identifier CVE-2014-8478 and a CVSS v2 base score of 7.8.
The second vulnerability can allow an attacker to cause the device to reboot by sending specially crafted network packets to the switch’s FTP server. The attacker must be able to log in to the FTP server for the attack to work, Siemens said. A CVSS v2 base score of 6.8 and the CVE-2014-8479 identifier have been assigned to this flaw.
In both cases, the switches stop forwarding packets to connected devices until the reboot process is completed.
Both vulnerabilities can be exploited remotely even by an attacker with a low skill level. However, Siemens and ICS-CERT are not aware of any public exploits for the security holes.
Siemens advises organizations to update the firmware on affected SCALANCE switches to version 4.0, which addresses these vulnerabilities.
SIMATIC PLC vulnerabilities
In an advisory published on Wednesday, Siemens announced the release of firmware version 4.1 for the SIMATIC S7-1200 CPU. The update addresses a vulnerability (CVE-2015-1048) that can be leveraged by an attacker to redirect users to malicious websites.
The Siemens SIMATIC S7-1200 PLC family is used worldwide in manufacturing, food and beverage, chemical, and other industrial environments.
“The integrated web server (port 80/tcp and port 443/tcp) of the affected devices could allow an attacker to redirect users to untrusted web sites if unsuspecting users are tricked to click on a malicious link,” Siemens wrote in its advisory.
Siemens advises organizations to update the firmware on affected SIMATIC products. The company also recommends the operation of these devices only within trusted networks.
The flaw was reported to the vendor by Ralf Spenneberg, Hendrik Schwartke and Maik Brüggemann of Germany-based OpenSource Training.