Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

ICS/OT

Siemens Warns of Linux, GNU Flaws in Controller Platform

Siemens informed customers on Tuesday that some of the Linux and GNU components of a multifunctional platform for its SIMATIC S7-1500 industrial automation controllers are affected by over 20 vulnerabilities.

Siemens informed customers on Tuesday that some of the Linux and GNU components of a multifunctional platform for its SIMATIC S7-1500 industrial automation controllers are affected by over 20 vulnerabilities.

Siemens MFPOne year ago, Siemens announced the expansion of its SIMATIC S7-1500 controller portfolio with a new multifunctional platform that allows plants to run multiple applications on a controller by combining control and PC capabilities in a single device. Users can run C++ applications in real time, but the platform also allows customer-specific high-level language applications to be easily utilized. Siemens says it releases updates regularly to ensure that the devices are secure.

According to Siemens, some of the Linux and GNU components used by its CPU 1518(F)-4 PN/DP multifunctional platform contain 21 security holes that were patched in recent months. Specifically, the vulnerabilities impact the Linux kernel, the libxml2 XML parsing library, OpenSSH, and the GNU Binutils tools for creating, modifying and analyzing binary files.

Learn More About ICS Vulnerabilities at SecurityWeek’s ICS Cyber Security Conference

The 17 GNU Binutils vulnerabilities mentioned in Siemens’ advisory are, according to the company, relevant during buildtime. These are among the over two dozen Binutils vulnerabilities disclosed recently.

According to the individual advisories describing these vulnerabilities, a majority can be exploited by a remote attacker to cause a denial-of-service (DoS) condition using specially crafted files, but some of them could have a different impact as well – these other potential impacts have not been specified.

The Linux kernel vulnerabilities that expose the Siemens devices to attacks are CVE-2018-17972, which allows a local attacker to cause a DoS condition, and CVE-2018-17182, which can be exploited to cause a DoS condition and possibly for arbitrary code execution.

Advertisement. Scroll to continue reading.

The libxml2 flaw also allows DoS attacks, while the OpenSSH weakness is related to user enumeration. The kernel, libxml2 and OpenSSH vulnerabilities are relevant during runtime, Siemens said.

Siemens says it’s currently working on firmware updates that should address these vulnerabilities. In the meantime, it has advised customers to apply defense-in-depth measures and avoid building and running applications on the impacted platform from untrusted sources.

Related: CVSS Scores Often Misleading for ICS Vulnerabilities

Related: Flaws in Siemens Tool Put ICS Environments at Risk

Written By

Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.

Register

This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

People on the Move

Tracey Mustacchio has joined Everfox as Chief Marketing Officer.

Mark Carter has been appointed Chief Information Security Officer at Socure.

Spektrum Labs has named Mark Cravotta Chief Operating Officer.

More People On The Move

Expert Insights

Four decades of incident response experience suggest that exploits are often the symptom, not the root cause, of today’s cybersecurity failures.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.