Security Experts:

Siemens Warns of Linux, GNU Flaws in Controller Platform

Siemens informed customers on Tuesday that some of the Linux and GNU components of a multifunctional platform for its SIMATIC S7-1500 industrial automation controllers are affected by over 20 vulnerabilities.

Siemens MFPOne year ago, Siemens announced the expansion of its SIMATIC S7-1500 controller portfolio with a new multifunctional platform that allows plants to run multiple applications on a controller by combining control and PC capabilities in a single device. Users can run C++ applications in real time, but the platform also allows customer-specific high-level language applications to be easily utilized. Siemens says it releases updates regularly to ensure that the devices are secure.

According to Siemens, some of the Linux and GNU components used by its CPU 1518(F)-4 PN/DP multifunctional platform contain 21 security holes that were patched in recent months. Specifically, the vulnerabilities impact the Linux kernel, the libxml2 XML parsing library, OpenSSH, and the GNU Binutils tools for creating, modifying and analyzing binary files.

Learn More About ICS Vulnerabilities at SecurityWeek’s ICS Cyber Security Conference

The 17 GNU Binutils vulnerabilities mentioned in Siemens’ advisory are, according to the company, relevant during buildtime. These are among the over two dozen Binutils vulnerabilities disclosed recently.

According to the individual advisories describing these vulnerabilities, a majority can be exploited by a remote attacker to cause a denial-of-service (DoS) condition using specially crafted files, but some of them could have a different impact as well – these other potential impacts have not been specified.

The Linux kernel vulnerabilities that expose the Siemens devices to attacks are CVE-2018-17972, which allows a local attacker to cause a DoS condition, and CVE-2018-17182, which can be exploited to cause a DoS condition and possibly for arbitrary code execution.

The libxml2 flaw also allows DoS attacks, while the OpenSSH weakness is related to user enumeration. The kernel, libxml2 and OpenSSH vulnerabilities are relevant during runtime, Siemens said.

Siemens says it’s currently working on firmware updates that should address these vulnerabilities. In the meantime, it has advised customers to apply defense-in-depth measures and avoid building and running applications on the impacted platform from untrusted sources.

Related: CVSS Scores Often Misleading for ICS Vulnerabilities

Related: Flaws in Siemens Tool Put ICS Environments at Risk

view counter
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.