Siemens Releases Firmware Updates to Patch SIMATIC Flaws

Siemens has released firmware updates for some of its SIMATIC communications processors and controllers to address several medium-severity vulnerabilities discovered by researchers from various organizations.

The vendor disclosed the flaws in two advisories published on its website in the past few days. One of the advisories describes a couple of issues affecting SIMATIC S7-300 and S7-400 controllers, and SIMATIC CP 343-1 and CP 443-1 Advanced communication processors. The CP products are used to connect S7 devices to industrial Ethernet systems.

According to Siemens, the integrated web server on the affected devices, which listens on port 80/TCP or port 443/TCP, allows a remote attacker to perform actions with the privileges of an authenticated user. The attack only works if the victim can be convinced to trigger a specially crafted request.

Another vulnerability is related to the web server delivering cookies without the “secure” flag. Browsers are designed to prevent the transmission of a cookie over an unencrypted channel if this flag is set. A similar issue was found recently in SCALANCE M-800 industrial routers and S615 firewalls.

These flaws have been discovered by Inverse Path auditors in collaboration with the Airbus ICT Industrial Security team. Siemens released firmware version 3.0.53 to patch the flaws in CP 343-1 products and provided mitigations for the other affected devices.

The second advisory published by Siemens describes two vulnerabilities affecting SIMATIC CP 1543-1 communications processors, which connect S7-1500 controllers to Ethernet networks. The CP is designed to protect S7-1500 stations against unauthorized access and it includes various security functions, including firewalls, VPNs and support for data encryption protocols.

The product has a flaw that allows an attacker with elevated privileges in the TIA Portal on the engineering workstation to obtain privileged access to affected devices. Siemens also warned customers of an issue that can be used to cause a denial-of-service (DoS) condition.

The flaws affect versions of the firmware prior to 2.0.28, which patches the issues. Siemens has credited SOGETI and France’s agence nationale de la sécurité des systèmes d’information (ANSSI) for reporting these security holes.


Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
