
Siemens devices using the PROFINET Discovery and Configuration Protocol (Update Q)


1. EXECUTIVE SUMMARY

2. UPDATE INFORMATION

This updated advisory is a follow-up to the updated advisory titled ICSA-17-129-02 Siemens devices using the PROFINET Discovery and Configuration Protocol (Update P) that was published October 8, 2019, on the ICS webpage on us-cert.gov.

3. RISK EVALUATION

Successful exploitation of these vulnerabilities could cause the targeted device to enter a denial-of-service condition, which may require human interaction to recover the system.

4. TECHNICAL DETAILS

4.1 AFFECTED PRODUCTS

Siemens reports that these vulnerabilities affect the following products using PROFINET DCP:

——— Begin Update Q Part 1 of 2 ———

——— End Update Q Part 1 of 2 ———

4.2 VULNERABILITY OVERVIEW

4.2.1 IMPROPER INPUT VALIDATION CWE-20

Specially crafted PROFINET DCP broadcast packets could cause a denial-of-service condition of affected products on a local Ethernet segment (Layer 2). Human interaction is required to recover the systems. PROFIBUS interfaces are not affected.

CVE-2017-2680 has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been calculated; the CVSS vector string is (AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

4.2.2 IMPROPER INPUT VALIDATION CWE-20

Specially crafted PROFINET DCP packets sent on a local Ethernet segment (Layer 2) to an affected product could cause a denial-of-service condition in that product. Human interaction is required to recover the system. PROFIBUS interfaces are not affected.

This vulnerability affects only SIMATIC HMI Multi Panels and HMI Mobile Panels, and S7-300/S7-400 devices.

CVE-2017-2681 has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been calculated; the CVSS vector string is (AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

4.3 BACKGROUND

4.4 RESEARCHER

Duan JinTong, Ma ShaoShuai, and Cheng Lei from NSFOCUS Security Team reported these vulnerabilities directly to Siemens.

5. MITIGATIONS

The attacker must have network access to the local Ethernet segment (Layer 2).

Siemens strongly recommends verifying the affected products are protected as described in the PROFINET Security Guidelines and Siemens Operational Guidelines to run the devices in a protected IT environment.
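Because both vulnerabilities require the sender to be on the same Layer 2 segment, one practical check is to watch which stations emit PROFINET DCP frames at all. The following is an added example, not code from Siemens or CISA: it classifies raw Ethernet frames as DCP by EtherType 0x8892 and the DCP FrameID range, and reports senders outside an approved list. The function names, the allow-list and the sample frames are assumptions constructed for illustration.

```python
import struct

ETHERTYPE_VLAN = 0x8100      # 802.1Q tag
ETHERTYPE_PROFINET = 0x8892  # PROFINET, which carries DCP
DCP_FRAME_IDS = {0xFEFC: "Hello", 0xFEFD: "Get/Set",
                 0xFEFE: "Identify request", 0xFEFF: "Identify response"}

def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def classify_dcp(frame):
    """Return (src, dst, kind) for a PROFINET DCP frame, otherwise None."""
    if len(frame) < 16:
        return None
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    offset = 14
    if ethertype == ETHERTYPE_VLAN:          # skip one 802.1Q tag
        if len(frame) < 20:
            return None
        (ethertype,) = struct.unpack_from("!H", frame, 16)
        offset = 18
    if ethertype != ETHERTYPE_PROFINET:
        return None
    (frame_id,) = struct.unpack_from("!H", frame, offset)
    kind = DCP_FRAME_IDS.get(frame_id)
    if kind is None:                          # cyclic/alarm traffic, not DCP
        return None
    return mac(frame[6:12]), mac(frame[0:6]), kind

def unexpected_dcp_senders(frames, allowed_sources):
    """DCP frames whose source MAC is not an approved station."""
    hits = (classify_dcp(f) for f in frames)
    return [h for h in hits if h and h[0] not in allowed_sources]

def build(dst, src, frame_id, vlan=False):
    """Construct a sample frame (header only, zero padding as payload)."""
    tag = struct.pack("!HH", ETHERTYPE_VLAN, 0) if vlan else b""
    return (bytes.fromhex(dst) + bytes.fromhex(src) + tag
            + struct.pack("!HH", ETHERTYPE_PROFINET, frame_id) + bytes(44))

# Constructed sample data: locally administered MACs, not real devices.
ALLOWED = {"02:00:00:00:00:01"}               # hypothetical engineering station
SAMPLE_FRAMES = [
    build("010ecf000000", "020000000001", 0xFEFE),             # approved
    build("010ecf000000", "020000000099", 0xFEFE, vlan=True),  # unknown sender
    build("020000000010", "020000000099", 0x8000),             # not DCP
    b"\x00" * 10,                                              # truncated
]
ALERTS = unexpected_dcp_senders(SAMPLE_FRAMES, ALLOWED)
```

On a live segment the frames would come from a mirror port or a capture file, and the allow-list would hold the engineering stations and controllers that legitimately issue DCP requests.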

Siemens provides firmware updates fixing the vulnerabilities for the following affected products and recommends users update to the new fixed version:

https://support.industry.siemens.com/cs/ww/en/view/109756088
https://support.industry.siemens.com/cs/ww/en/view/109745387
https://support.industry.siemens.com/cs/ww/en/view/109745388
https://support.industry.siemens.com/cs/ww/en/view/109757489
https://support.industry.siemens.com/cs/ww/en/view/109744924
https://support.industry.siemens.com/cs/ww/en/view/109749255
https://support.industry.siemens.com/cs/ww/en/view/109747253
https://support.industry.siemens.com/cs/ww/en/view/109743740
https://support.industry.siemens.com/cs/ww/en/view/109743058
https://support.industry.siemens.com/cs/ww/en/view/109752018
https://support.industry.siemens.com/cs/ww/en/view/109755950
https://support.industry.siemens.com/cs/ww/en/view/109748080
https://support.industry.siemens.com/cs/ww/en/view/109747276
https://support.industry.siemens.com/cs/ww/en/view/109748934
https://support.industry.siemens.com/cs/ww/en/view/109748937
https://support.industry.siemens.com/cs/ww/en/view/109744953
https://support.industry.siemens.com/cs/ww/en/view/109750006
https://support.industry.siemens.com/cs/ww/en/view/109747482
https://support.industry.siemens.com/cs/ww/en/view/109744504
https://support.industry.siemens.com/cs/ww/en/view/102295547
https://support.industry.siemens.com/cs/ww/en/view/79207181
https://support.industry.siemens.com/cs/ww/en/view/109479281
https://support.industry.siemens.com/cs/de/de/view/78648144
https://support.industry.siemens.com/cs/ww/en/view/109754281
https://support.industry.siemens.com/cs/ww/en/view/78647504
https://support.industry.siemens.com/cs/us/en/view/93012181
https://support.industry.siemens.com/cs/document/109753683
https://support.industry.siemens.com/cs/de/de/view/78648144
https://support.industry.siemens.com/cs/ww/en/view/85624387
https://support.industry.siemens.com/cs/de/en/view/109749637

Updates for Development/Evaluation Kits for PROFINET IO can be obtained via ComDeC at comdec@siemens.com or pic.industry@siemens.com

https://w3.siemens.com/aspa_app/

https://support.industry.siemens.com/cs/ww/de/ps/13752/dl or

https://support.industry.siemens.com/cs/ww/en/ps/13752/dl
https://support.industry.siemens.com/cs/de/en/view/109474874
https://support.industry.siemens.com/cs/ww/en/view/109752685
https://support.industry.siemens.com/cs/document/109474550
https://support.industry.siemens.com/cs/ww/en/view/109476571
https://support.industry.siemens.com/cs/ww/en/view/109741461
https://support.industry.siemens.com/cs/ww/en/view/109478459
https://support.industry.siemens.com/cs/ww/en/view/109478528

https://support.industry.siemens.com/cs/ww/en/view/109765109

https://support.industry.siemens.com/cs/ww/en/view/44029688
https://support.industry.siemens.com/cs/ww/en/view/109474935
https://support.industry.siemens.com/cs/ww/en/view/109482659
https://support.industry.siemens.com/cs/ww/en/view/103433117
https://support.industry.siemens.com/cs/ww/en/view/109742040
https://support.industry.siemens.com/cs/de/en/view/109474320
https://support.industry.siemens.com/cs/de/en/view/92522512
https://support.industry.siemens.com/cs/de/en/view/109740193
https://support.industry.siemens.com/cs/ww/en/view/103433117
https://support.industry.siemens.com/cs/ww/en/view/109742040
https://support.industry.siemens.com/cs/document/109746210
https://support.industry.siemens.com/cs/ww/en/view/109749989
https://support.industry.siemens.com/cs/ww/en/view/109742328
https://support.industry.siemens.com/cs/us/en/view/109761576

——— Begin Update Q Part 2 of 2 ———

https://support.industry.siemens.com/cs/ww/en/view/109740119
https://support.industry.siemens.com/cs/ww/en/view/27049282

——— End Update Q Part 2 of 2 ———

Siemens is preparing updates for the remaining affected products and recommends the following mitigations in the meantime:

As a general security measure Siemens and PNO strongly recommend protecting industrial control systems networks with appropriate mechanisms. Siemens encourages users to verify that the affected products are protected as described in PNO Security Guidelines and Siemens operational guidelines to run the devices in a protected IT environment.

For more information on these vulnerabilities and more detailed mitigation instructions, please see Siemens Security Advisory SSA-293562 at the following location:

http://www.siemens.com/cert/en/cert-security-advisories.htm

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on us-cert.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on us-cert.gov in the Technical Information Paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.

No known public exploits specifically target these vulnerabilities.

Source:

https://us-cert.cisa.gov/ics/advisories/ICSA-17-129-02
