Siemens Patches DoS, Other Vulnerabilities in SIMATIC HMI Products

Researchers have identified three vulnerabilities in Siemens’ SIMATIC HMI devices. The German engineering giant has started releasing software updates to address the security holes in affected products.

The most severe of the issues is a resource exhaustion vulnerability (CVE-2015-2822) that can be leveraged by an attacker positioned between the HMI panel and a programmable logic controller (PLC) to cause a denial-of-service (DoS) condition in the HMI panel. The flaw can be exploited by sending specially crafted packets on TCP port 102, ICS-CERT and Siemens explained in advisories.

The fact that a malicious actor can launch this kind of man-in-the-middle (MitM) attack by positioning themselves on the network path between a PLC and its communication partner is a separate vulnerability that has been assigned the CVE identifier CVE-2015-1601. An attacker can leverage this vulnerability to intercept or modify industrial communications, Siemens said.

The third flaw is related to authentication (CVE-2015-2823). Researchers have discovered that users can authenticate themselves not just with the actual passwords, but with the password hashes as well.

“If attackers obtain password hashes for SIMATIC WinCC users, they could possibly use the hashes to authenticate themselves,” ICS-CERT explained.
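The class of flaw ICS-CERT describes, a stored password hash that is itself accepted as a credential, is easiest to see side by side with a verifier that does not have the problem. The following is an added illustration written for this page, not Siemens' code and not a description of how WinCC authentication actually works: the function names, the SHA-256 and PBKDF2 choices, the work factor and the sample password are all assumptions.

```python
"""Added example (not from the article, not the WinCC mechanism): a verifier
that accepts a client-supplied password hash, beside one that does not, to
show why a leaked hash must not double as a credential."""
import hashlib
import hmac
import os
from typing import Optional, Tuple

PBKDF2_ROUNDS = 200_000  # assumed work factor for the hardened verifier


# Vulnerable pattern: the client hashes the password and sends the digest; the
# server compares that digest with the stored one. Whoever holds the stored
# digest can therefore log in without ever knowing the password.
def vulnerable_store(password: str) -> str:
    return hashlib.sha256(password.encode()).hexdigest()


def vulnerable_authenticate(stored_hash: str, client_digest: str) -> bool:
    return hmac.compare_digest(stored_hash, client_digest)


# Hardened pattern: the server keeps a salted, iterated verifier and requires
# the password itself (carried over a protected channel, outside this snippet).
# The stored record alone does not let anyone authenticate.
def hardened_store(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    salt = salt or os.urandom(16)
    verifier = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, verifier


def hardened_authenticate(record: Tuple[bytes, bytes], password: str) -> bool:
    salt, verifier = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(verifier, candidate)


def demo(password: str = "correct horse") -> dict:
    """Exercise both schemes with the real password and with the stored value."""
    stored = vulnerable_store(password)
    record = hardened_store(password)
    return {
        # legitimate client behaviour under each scheme
        "vulnerable_password_ok": vulnerable_authenticate(
            stored, hashlib.sha256(password.encode()).hexdigest()),
        "hardened_password_ok": hardened_authenticate(record, password),
        # the stored value replayed as the credential
        "vulnerable_accepts_stored_hash": vulnerable_authenticate(stored, stored),
        "hardened_accepts_stored_verifier": hardened_authenticate(record, record[1].hex()),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The point of the comparison is the last two dictionary entries: under the first scheme the stored hash is exactly what a legitimate client transmits, so a database or traffic leak hands out working credentials; under the second scheme the server derives the verifier itself from the submitted password, so the stored record is only useful for checking, never for logging in.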

The remotely exploitable vulnerabilities affect SIMATIC HMI Basic Panels (1st and 2nd generation), HMI Comfort Panels, WinCC Runtime Advanced, WinCC Runtime Professional, HMI Mobile Panels, HMI Multi Panels, NET PC-Software (V12 and V13), WinCC V7.x, and the SIMATIC Automation Tool. These products are used for controlling and monitoring machines and plants, communications between controllers and PC-based solutions, and controlling and monitoring physical processes.

Siemens has released updates for most of the impacted products. The company says it’s currently preparing patches for SIMATIC HMI Basic Panels 1st Generation, HMI Mobile Panel 277, and HMI Multi Panels.

Until the fixes become available, organizations are advised to apply defense-in-depth recommendations, use VPNs to protect network communications, and apply the cell protection concept described in Siemens’ operational guidelines for industrial security. Since two of the vulnerabilities can be exploited through port 102/TCP, ICS-CERT recommends blocking all external traffic to that port.
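A simple way to check whether the 102/TCP restriction is actually holding is to look for connections on that port that reach the cell from a source outside it. The script below is an added example written for this page, not a Siemens or ICS-CERT tool: the cell subnet, the flow-record format and the sample records are all constructed assumptions, and the filtering rule is the only part taken from the advisory.

```python
"""Added example (not from the article): flag connections to 102/TCP that
reach the protected cell from outside it, i.e. the traffic ICS-CERT says
should be blocked. Subnets, record format and sample lines are assumptions."""
import ipaddress
from dataclasses import dataclass
from typing import Iterable, List

# Assumed cell/plant subnet; replace with the real cell layout.
CELL_NETWORKS = [ipaddress.ip_network("10.10.0.0/24")]
S7_PORT = 102  # the TCP port named in the Siemens and ICS-CERT advisories


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    dport: int


def parse_flow(line: str) -> Flow:
    """Parse one constructed record of the form '<src> <dst> <proto>/<dport>'."""
    src, dst, proto_port = line.split()
    proto, dport = proto_port.split("/")
    return Flow(src, dst, proto.lower(), int(dport))


def in_cell(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in CELL_NETWORKS)


def external_s7_flows(lines: Iterable[str]) -> List[Flow]:
    """Return flows that enter the cell on 102/TCP from a source outside it."""
    hits = []
    for raw in lines:
        line = raw.split("#", 1)[0].strip()  # drop trailing comments and blanks
        if not line:
            continue
        f = parse_flow(line)
        if f.proto == "tcp" and f.dport == S7_PORT and in_cell(f.dst) and not in_cell(f.src):
            hits.append(f)
    return hits


# Constructed sample records: src dst proto/dport
SAMPLE_FLOWS = """
10.10.0.5 10.10.0.20 tcp/102       # HMI to PLC inside the cell: expected
192.168.50.7 10.10.0.20 tcp/102    # office LAN to PLC: outside the cell
10.10.0.5 10.10.0.20 tcp/443       # other port, ignored
172.16.3.9 10.10.0.20 udp/102      # wrong transport, ignored
203.0.113.4 10.10.0.21 tcp/102     # external address to PLC: outside the cell
""".strip().splitlines()


if __name__ == "__main__":
    for f in external_s7_flows(SAMPLE_FLOWS):
        print(f"ALERT external 102/TCP: {f.src} -> {f.dst}")
```

Run against the sample records, only the two flows whose source lies outside the cell subnet are reported; traffic between the HMI and the PLC inside the cell passes, as the cell protection concept intends. The same check can be pointed at firewall or flow-export logs once the record format is adapted.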

The MitM and resource exhaustion vulnerabilities were reported to Siemens by the Quarkslab team. The authentication bug was identified by Ilya Karpov of Positive Technologies.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.