Security Experts:

Connect with us

Hi, what are you looking for?


Data Protection

Siemens Patches Flaws in Automation, Power Distribution Products

Siemens customers were informed last week that some of the company’s automation and power distribution products are affected by vulnerabilities that can be exploited for denial-of-service (DoS) attacks and session hijacking.

Siemens customers were informed last week that some of the company’s automation and power distribution products are affected by vulnerabilities that can be exploited for denial-of-service (DoS) attacks and session hijacking.

Sergey Temnikov of Kaspersky Lab discovered that several Siemens products using the Discovery Service of the OPC UA protocol stack are exposed to remote attacks due to a security flaw described by ICS-CERT as an improper restriction of XML external entity (XXE) reference issue.

The vulnerability exists in the OPC Foundation’s OPC UA .NET sample code and older versions of the Local Discovery Service (LDS). A remote attacker can exploit the security hole to trick the .NET libraries used by LDS and OPC UA servers into accessing arbitrary network resources, which can lead to a DoS condition.

The flaw is tracked as CVE-2017-12069 and it has been assigned a CVSS score of 8.2. It affects various versions of the Siemens SIMATIC PCS 7 distributed control system (DCS), SIMATIC WinCC supervisory control and data acquisition (SCADA) system, the SIMATIC WinCC Runtime Professional human-machine interface (HMI), the SIMATIC NET PC software, and the SIMATIC IT Production Suite.

The vendor has released updates for some of the affected products and advised users to disable the OPC UA LDS if not needed. The company noted that some OPC applications can work even without this service.

While ICS-CERT claims there is no evidence of public exploits targeting the vulnerability, the OPC Foundation’s own advisory lists the flaw as being exploited.

Related: Learn More at SecurityWeek’s 2017 ICS Cyber Security Conference

High severity vulnerabilities have also been found in the Siemens LOGO! universal logic module. The product, designed for small-scale automation tasks, is used worldwide, particularly in commercial facilities and transportation systems.

Siemens LOGO!8 BM devices are affected by a vulnerability that allows a network attacker to obtain an active user’s session ID and hijack their session (CVE-2017-12734), and a weakness that can be leveraged by a man-in-the-middle (MitM) attacker to decrypt and modify network traffic (CVE-2017-12735).

The insufficiently protected credentials issue was discovered by researcher Maxim Rupp, who has found numerous vulnerabilities in ICS products in the past years. This problem was addressed by the vendor with the release of firmware version 1.81.2. The MitM flaw can be mitigated by implementing various security measures.

A third advisory published by Siemens and ICS-CERT last week describes a medium severity flaw affecting Switched Ethernet PROFINET expansion modules for 7KM PAC measuring devices.

The security hole, discovered by Siemens itself, can be exploited by a network attacker to cause a DoS condition by sending a specially crafted PROFINET DCP packet as a local ethernet broadcast.

Siemens patched the vulnerability with the release of firmware version 2.1.3.

Related: Siemens Patches Flaws in SIMATIC, XHQ Products

Related: Vulnerabilities Found in Siemens Building Tech, Smart Grid Products

Related: Exploited Windows Flaws Affect Siemens Medical Imaging Products

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Protection

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...


Apple has released updates for macOS, iOS and Safari and they all include a WebKit patch for a zero-day vulnerability tracked as CVE-2023-23529.

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.