Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

ICS/OT

Siemens Releases Patches to Prevent Remote Takeover of SIMATIC HMI Panels

Siemens has released patches for some of its SIMATIC human-machine interface (HMI) panels to address a high-severity vulnerability that can be exploited remotely to take full control of a device.

Siemens has released patches for some of its SIMATIC human-machine interface (HMI) panels to address a high-severity vulnerability that can be exploited remotely to take full control of a device.

SIMATIC HMI panels are designed for operator control and the monitoring of machines and plants.Siemens SIMATIC HMI vulnerability

Ta-Lun Yen, a researcher at TXOne Networks, an IIoT security-focused joint venture between Trend Micro and Moxa, discovered that these products are affected by a missing authentication issue related to the Telnet service. Affected devices that have Telnet enabled do not require any authentication, allowing a remote attacker to gain full access to a device, Siemens said.

The German industrial giant said the vulnerability (CVE-2020-15798) impacts SIMATIC HMI Comfort Panels, including SIPLUS products designed for extreme conditions, and SIMATIC HMI KTP Mobile Panels. Patches are included in v16 update 3a and later. All previous versions are affected.

In addition to installing the available patches, organizations can disable Telnet to prevent potential attacks exploiting this vulnerability. Siemens pointed out that Telnet is not enabled by default on the impacted devices.

TXOne’s Yen told SecurityWeek that he has not identified many devices that can be targeted from the internet, but noted that there may be some configurations that make them reachable over the intranet.

According to the researcher, an attacker could exploit the vulnerability to use the HMI as a foothold in the targeted network — the devices run Windows CE and he says there is no endpoint protection available.

He also believes an attacker could use the compromised HMI device to reach other systems, such as sensors and PLCs, or to disable them by sending them “weird values.” An attacker could also display inaccurate information in the HMI to avoid raising suspicion while they conduct other malicious activities that could cause damage to an industrial organization.

Yen said the vulnerability can also be leveraged to brick a device and temporarily prevent the operator from interacting with factory processes. It’s also possible to abuse the HMI for cryptocurrency mining, but this scenario is unlikely as it’s economically unfeasible, the researcher noted.

Advertisement. Scroll to continue reading.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has also published an advisory to warn industrial organizations about the risk posed by this flaw. Trend Micro’s Zero Day Initiative (ZDI), which along with CISA helped coordinate disclosure, will also publish an advisory for this vulnerability in the upcoming period.

Related: Tens of Vulnerabilities in Siemens PLM Products Allow Code Execution

Related: Critical Vulnerabilities Expose Siemens LOGO! Controllers to Attacks

Related: Siemens, Schneider Electric Address Serious Vulnerabilities in ICS Products

Related: Open Source Tool Helps Secure Siemens PCS 7 Control Systems

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Vulnerabilities

A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Vulnerabilities

Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.

Vulnerabilities

The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.