SecurityWeek

Siemens Patches Serious DoS Vulnerabilities in Several Products

Siemens’ Patch Tuesday updates for February 2020 address serious denial-of-service (DoS) vulnerabilities in several of the company’s products.

The company has published a dozen new advisories describing vulnerabilities found in its products. Many of the security holes have been classified as high severity based on their CVSS score.

Siemens SIMATIC PCS 7, SIMATIC WinCC and SIMATIC NET PC products are affected by a high-severity DoS flaw if encrypted communication is enabled. The vulnerability can be exploited by sending specially crafted messages to the targeted system over the network. The attack does not require system privileges or user interaction.

Some SIMATIC S7 CPUs are affected by a DoS vulnerability that can be exploited by an unauthenticated attacker by sending specially crafted HTTP requests to TCP ports 80 or 443. A successful attack leveraging this vulnerability will cause the device’s web server to enter a DoS condition.

In a separate advisory, Siemens said its S7-1500 CPUs are also affected by a DoS vulnerability, which can be exploited by sending specially crafted UDP packets to a device.

Siemens has informed customers that many of its products using Profinet-IO (PNIO) stack versions prior to 06.00 are vulnerable to DoS attacks due to “not properly limiting internal resource allocation when multiple legitimate diagnostic package requests are sent to the DCE-RPC interface.”

In addition, two DoS bugs related to the handling of SNMP messages have been found to impact several Siemens industrial products.

A DoS vulnerability has also been identified in SIPROTEC 4 and SIPROTEC Compact relays if they use EN100 Ethernet communication modules.

SIMATIC CP 1543-1 communication processors are affected by remote code execution and information disclosure vulnerabilities due to their use of the ProFTPD FTP server. The ProFTPD flaws were discovered last year.

Some of the German industrial giant’s SCALANCE X switches are affected by a clickjacking vulnerability, and SCALANCE S-600 devices contain flaws that can be exploited for XSS and DoS attacks.

Flaws have also been found in a component of the SSP Siveillance Access Suite and in the OZW Web Server used for building management. The OZW weakness allows an unauthenticated attacker to gain access to project files.

Siemens has started releasing patches for some of the affected products and it’s working on fixes for the remaining devices. In the meantime, users have been provided workarounds and mitigations.

One advisory published by Siemens this week informs customers that the company is working on BIOS updates that should address flaws caused by the use of Intel chips. The vulnerabilities in question were disclosed by Intel in November 2019.

Related: Undocumented Access Feature Exposes Siemens PLCs to Attacks

Related: Siemens Warns of Security Risks Associated With Use of ActiveX

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
