Siemens’ Patch Tuesday updates for February 2020 address serious denial-of-service (DoS) vulnerabilities in several of the company’s products.
The company has published a dozen new advisories describing vulnerabilities found in its products. Many of the security holes have been classified as high severity based on their CVSS score.
Siemens SIMATIC PCS 7, SIMATIC WinCC and SIMATIC NET PC products are affected by a high-severity DoS flaw if encrypted communication is enabled. The vulnerability can be exploited by sending specially crafted messages to the targeted system over the network. The attack does not require system privileges or user interaction.
Some SIMATIC S7 CPUs are affected by a DoS vulnerability that can be exploited by an unauthenticated attacker by sending specially crafted HTTP requests to TCP ports 80 or 443. A successful attack leveraging this vulnerability will cause the device’s web server to enter a DoS condition.
In a separate advisory, Siemens said its S7-1500 CPUs are also affected by a DoS vulnerability, which can be exploited by sending specially crafted UDP packets to a device.
Siemens has informed customers that many of its products using Profinet-IO (PNIO) stack versions prior to 06.00 are vulnerable to DoS attacks due to “not properly limiting internal resource allocation when multiple legitimate diagnostic package requests are sent to the DCE-RPC interface.”
In addition, two DoS bugs related to the handling of SNMP messages have been found to impact several Siemens industrial products.
A DoS vulnerability has also been identified in SIPROTEC 4 and SIPROTEC Compact relays if they use EN100 Ethernet communication modules.
SIMATIC CP 1543-1 communication processors are affected by remote code execution and information disclosure vulnerabilities due to their use of the ProFTPD FTP server. The ProFTPD flaws were discovered last year.
Some of the German industrial giant’s SCALANCE X switches are affected by a clickjacking vulnerability, and SCALANCE S-600 devices contain flaws that can be exploited for XSS and DoS attacks.
Flaws have also been found in a component of the SSP Siveillance Access Suite and in the OZW Web Server used for building management. The OZW weakness allows an unauthenticated attacker to gain access to project files.
Siemens has started releasing patches for some of the affected products and it’s working on fixes for the remaining devices. In the meantime, users have been provided workarounds and mitigations.
One advisory published by Siemens this week informs customers that the company is working on BIOS updates that should address flaws caused by the use of Intel chips. The vulnerabilities in question were disclosed by Intel in November 2019.

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
