Security Experts:

Siemens Fixes Vulnerabilities in Several ICS Products

Siemens has produced updates to address security flaws in several of the company’s solutions. ICS-CERT and Siemens have published a total of five advisories providing information on the vulnerabilities.

Ivan Sanchez from WiseSecurity Team has discovered a search path flaw (CVE-2015-1594) impacting Siemens SIMATIC ProSave (versions prior to V13 SP1), SIMOTION Scout (versions prior to V4.4), STARTER (versions prior to V4.4 HF3), SIMATIC CFC (versions prior to V8.0 SP4), SIMATIC STEP 7 V5.5, and SIMATIC PCS 7 (versions prior to V8.0 SP2).

The vulnerability can be exploited by a malicious actor to execute arbitrary code with the privileges of the user running the impacted products. The arbitrary code can be executed from files located on the local file system or in connected network shares so the attacker must be able to trick the user into opening the malformed file.

Davide Peruzzi of GoSecure! has identified a denial-of-service (DoS) vulnerability affecting SPC Controllers, hybrid physical intrusion detection and access control systems. The flaw (CVE-2014-9369) affects SPC Controllers of the SPC4000, SPC5000 and SPC6000 series, versions prior to 3.6.0.

An attacker with network access can cause the devices to restart by sending specially crafted packets to the Web interface.

Researchers at the Freie Universität Berlin in Germany reported a DoS flaw (CVE-2015-2177) affecting all versions of the SIMATIC S7-300 CPU family. An attacker with network access to the affected device can cause the system to go into defect mode by sending specially crafted packets to Port 102/TCP (ISO-TSAP) or via Profibus.

Siemens advises organizations to mitigate the vulnerability by using VPNs to protect network communications between cells, apply the cell protection concept described in the company’s operational guidelines for industrial security, apply read/write protection, and apply defense-in-depth recommendations.

SPCanywhere, the mobile application that allows users to access Siemens SPC intrusion alarm systems remotely via a mobile phone, is plagued by several flaws. The list includes missing encryption of sensitive data (CVE-2015-1595, CVE-2015-1596), storing passwords in a recoverable format (CVE-2015-1598), improper cross-boundary removal of sensitive data (CVE-2015-1597), and an authentication bypass issue (CVE-2015-1599). The vulnerabilities affect all versions of both the Android and the iOS apps.

Siemens has addressed the bugs with the release of a new mobile application called SPC Connect.

There is no evidence to suggest that any of these vulnerabilities have been exploited in the wild, ICS-CERT said.

Siemens has also published an advisory to notify customers that several of the company’s products are affected by the recently disclosed weakness in the Linux glibc library. The vulnerability, dubbed “Ghost,” impacts SINUMERIK and SIMATIC HMI Basic applications. The RUGGEDCOM APE utility-grade computing platform is not affected in its default configuration, but certain installed components and user configurations can make the product vulnerable, Siemens said.

view counter
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.