
Siemens devices using the PROFINET Discovery and Configuration Protocol (Update P)

1. EXECUTIVE SUMMARY

2. UPDATE INFORMATION

This updated advisory is a follow-up to the updated advisory titled ICSA-17-129-02 Siemens devices using the PROFINET Discovery and Configuration Protocol (Update O) that was published February 5, 2019, on the ICS webpage on us-cert.gov.

3. RISK EVALUATION

Successful exploitation of these vulnerabilities could cause the targeted device to enter a denial-of-service condition, which may require human interaction to recover the system.

4. TECHNICAL DETAILS

4.1 AFFECTED PRODUCTS

Siemens reports that these vulnerabilities affect the following products using PROFINET DCP:

——— Begin Update P Part 1 of 2 ———

——— End Update P Part 1 of 2 ———

4.2 VULNERABILITY OVERVIEW

4.2.1 IMPROPER INPUT VALIDATION CWE-20

Specially crafted PROFINET DCP broadcast packets could cause a denial-of-service condition of affected products on a local Ethernet segment (Layer 2). Human interaction is required to recover the systems. PROFIBUS interfaces are not affected.

CVE-2017-2680 has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been calculated; the CVSS vector string is (AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

4.2.2 IMPROPER INPUT VALIDATION CWE-20

Specially crafted PROFINET DCP packets sent on a local Ethernet segment (Layer 2) to an affected product could cause a denial-of-service condition in that product. Human interaction is required to recover the system. PROFIBUS interfaces are not affected.

This vulnerability affects only SIMATIC HMI Multi Panels and HMI Mobile Panels, and S7-300/S7-400 devices.

CVE-2017-2681 has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been calculated; the CVSS vector string is (AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

4.3 BACKGROUND

4.4 RESEARCHER

Duan JinTong, Ma ShaoShuai, and Cheng Lei from NSFOCUS Security Team reported these vulnerabilities directly to Siemens.

5. MITIGATIONS

The attacker must have network access to the local Ethernet segment (Layer 2).

Siemens strongly recommends verifying the affected products are protected as described in the PROFINET Security Guidelines and Siemens Operational Guidelines to run the devices in a protected IT environment.
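Because exploitation requires Layer 2 access, DCP traffic on a protected segment can be monitored directly. The following is an added example, not part of the advisory or any Siemens tooling: it picks PROFINET DCP frames out of raw Ethernet captures, flags senders outside an allowlist, and flags frames whose length fields are inconsistent. The advisory does not disclose which fields the crafted packets abuse, so the checks are generic structural ones; the EtherType, FrameID range and header layout come from the PROFINET DCP frame format, and the allowlisted MAC and sample frames are constructed.

```python
import struct

PN_ETHERTYPE = 0x8892                  # PROFINET EtherType
DCP_FRAME_IDS = range(0xFEFC, 0xFF00)  # DCP Hello, Get/Set, Identify req/resp
# Assumption: MACs of the stations expected to send DCP on this segment.
ALLOWED_SOURCES = {"00:1b:1b:aa:bb:01"}

def inspect_frame(frame, allowed=ALLOWED_SOURCES):
    """Return None for non-DCP frames, else (src_mac, findings)."""
    if len(frame) < 20:
        return None
    src = ":".join(f"{b:02x}" for b in frame[6:12])
    off = 12
    if frame[off:off + 2] == b"\x81\x00":      # skip one 802.1Q tag
        off += 4
    etype, frame_id = struct.unpack_from("!HH", frame, off)
    if etype != PN_ETHERTYPE or frame_id not in DCP_FRAME_IDS:
        return None
    off += 4
    findings = [] if src in allowed else ["source not in DCP allowlist"]
    if len(frame) < off + 10:
        return src, findings + ["truncated DCP header"]
    # ServiceID, ServiceType, Xid, ResponseDelay, DCPDataLength
    _sid, _stype, _xid, _delay, data_len = struct.unpack_from("!BBIHH", frame, off)
    body = frame[off + 10:]
    if data_len > len(body):
        findings.append("DCPDataLength exceeds frame")
    body = body[:data_len]                     # drop Ethernet padding
    pos = 0
    while pos < len(body):                     # walk option/suboption blocks
        if pos + 4 > len(body):
            findings.append("truncated block header")
            break
        opt, sub, blen = struct.unpack_from("!BBH", body, pos)
        pos += 4
        if pos + blen > len(body):
            findings.append(f"block {opt}/{sub} length overruns DCP data")
            break
        pos += blen + (blen & 1)               # blocks are padded to even length
    return src, findings

def sample(src_hex, data_len, blocks):
    """Constructed Identify-request frame for exercising inspect_frame."""
    hdr = bytes.fromhex("010ecf000000" + src_hex + "8892fefe")
    dcp = struct.pack("!BBIHH", 5, 0, 1, 1, data_len) + blocks
    return (hdr + dcp).ljust(60, b"\x00")

GOOD = sample("001b1baabb01", 4, bytes.fromhex("ffff0000"))
BAD = sample("020000000099", 8, bytes.fromhex("02020400") + b"abcd")
```

Findings from this check are a prompt to investigate the sending station, not proof of an exploitation attempt; feed it frames from a span port or capture file on the segment that hosts the affected devices.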

Siemens provides firmware updates fixing the vulnerabilities for the following affected products and recommends users update to the new fixed version:

https://support.industry.siemens.com/cs/ww/en/view/109756088

https://support.industry.siemens.com/cs/ww/en/view/109745387

https://support.industry.siemens.com/cs/ww/en/view/109745388

https://support.industry.siemens.com/cs/ww/en/view/109757489 

https://support.industry.siemens.com/cs/ww/en/view/109744924

https://support.industry.siemens.com/cs/ww/en/view/109749255

https://support.industry.siemens.com/cs/ww/en/view/109747253

https://support.industry.siemens.com/cs/ww/en/view/109743740

https://support.industry.siemens.com/cs/ww/en/view/109743058

https://support.industry.siemens.com/cs/ww/en/view/109752018

https://support.industry.siemens.com/cs/ww/en/view/109755950

https://support.industry.siemens.com/cs/ww/en/view/109748080

https://support.industry.siemens.com/cs/ww/en/view/109747276

https://support.industry.siemens.com/cs/ww/en/view/109748934

https://support.industry.siemens.com/cs/ww/en/view/109748937

https://support.industry.siemens.com/cs/ww/en/view/109744953

https://support.industry.siemens.com/cs/ww/en/view/109750006

https://support.industry.siemens.com/cs/ww/en/view/109747482

https://support.industry.siemens.com/cs/ww/en/view/109744504

https://support.industry.siemens.com/cs/ww/en/view/102295547

https://support.industry.siemens.com/cs/ww/en/view/79207181

https://support.industry.siemens.com/cs/ww/en/view/109479281

https://support.industry.siemens.com/cs/de/de/view/78648144

https://support.industry.siemens.com/cs/ww/en/view/109754281

https://support.industry.siemens.com/cs/ww/en/view/78647504

https://support.industry.siemens.com/cs/us/en/view/93012181

https://support.industry.siemens.com/cs/document/109753683

https://support.industry.siemens.com/cs/de/de/view/78648144

https://support.industry.siemens.com/cs/ww/en/view/85624387

https://support.industry.siemens.com/cs/de/en/view/109749637

Updates for Development/Evaluation Kits for PROFINET IO can be obtained via ComDeC at comdec@siemens.com or pic.industry@siemens.com

https://w3.siemens.com/aspa_app/

https://support.industry.siemens.com/cs/ww/de/ps/13752/dl or

https://support.industry.siemens.com/cs/ww/en/ps/13752/dl

https://support.industry.siemens.com/cs/de/en/view/109474874

https://support.industry.siemens.com/cs/ww/en/view/109752685

https://support.industry.siemens.com/cs/document/109474550

https://support.industry.siemens.com/cs/ww/en/view/109476571

https://support.industry.siemens.com/cs/ww/en/view/109741461

https://support.industry.siemens.com/cs/ww/en/view/109478459

https://support.industry.siemens.com/cs/ww/en/view/109478528

——— Begin Update P Part 2 of 2 ———

——— End Update P Part 2 of 2 ———

https://support.industry.siemens.com/cs/ww/en/view/109765109

https://support.industry.siemens.com/cs/ww/en/view/44029688

https://support.industry.siemens.com/cs/ww/en/view/109474935

https://support.industry.siemens.com/cs/ww/en/view/109482659

https://support.industry.siemens.com/cs/ww/en/view/103433117

https://support.industry.siemens.com/cs/ww/en/view/109742040

https://support.industry.siemens.com/cs/de/en/view/109474320

https://support.industry.siemens.com/cs/de/en/view/92522512

https://support.industry.siemens.com/cs/de/en/view/109740193

https://support.industry.siemens.com/cs/ww/en/view/103433117

https://support.industry.siemens.com/cs/ww/en/view/109742040

https://support.industry.siemens.com/cs/document/109746210

https://support.industry.siemens.com/cs/ww/en/view/109749989

https://support.industry.siemens.com/cs/ww/en/view/109742328

https://support.industry.siemens.com/cs/us/en/view/109761576

Siemens is preparing updates for the remaining affected products and recommends the following mitigations in the meantime:

As a general security measure Siemens and PNO strongly recommend protecting industrial control systems networks with appropriate mechanisms. Siemens encourages users to verify that the affected products are protected as described in PNO Security Guidelines and Siemens operational guidelines to run the devices in a protected IT environment.

For more information on these vulnerabilities and more detailed mitigation instructions, please see Siemens Security Advisory SSA-293562 at the following location:

http://www.siemens.com/cert/en/cert-security-advisories.htm

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on us-cert.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on us-cert.gov in the Technical Information Paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.

No known public exploits specifically target these vulnerabilities.

 

Source:

https://www.us-cert.gov/ics/advisories/ICSA-17-129-02

 

 
