(I)IoT Security News

Siemens PROFINET DCP (Update S)

1. EXECUTIVE SUMMARY

2. UPDATE INFORMATION

This updated advisory is a follow-up to the updated advisory titled ICSA-17-129-02 Siemens devices using the PROFINET Discovery and Configuration Protocol (Update R) that was published August 11, 2020, to the ICS webpage on us-cert.gov.

3. RISK EVALUATION

Successful exploitation of these vulnerabilities could cause the targeted device to enter a denial-of-service condition, which may require human interaction to recover the system.

4. TECHNICAL DETAILS

4.1 AFFECTED PRODUCTS

Siemens reports that these vulnerabilities affect the following products using PROFINET DCP:

——— Begin Update S Part 1 of 3 ———

——— End Update S Part 1 of 3 ———

——— Begin Update S Part 2 of 3 ———

——— End Update S Part 2 of 3 ———

4.2 VULNERABILITY OVERVIEW

4.2.1 IMPROPER INPUT VALIDATION CWE-20

Specially crafted PROFINET DCP broadcast packets could cause a denial-of-service condition of affected products on a local Ethernet segment (Layer 2). Human interaction is required to recover the systems. PROFIBUS interfaces are not affected.

CVE-2017-2680 has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been calculated; the CVSS vector string is (AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

4.2.2 IMPROPER INPUT VALIDATION CWE-20

Specially crafted PROFINET DCP packets sent on a local Ethernet segment (Layer 2) to an affected product could cause a denial-of-service condition in that product. Human interaction is required to recover the system. PROFIBUS interfaces are not affected.

This vulnerability affects only SIMATIC HMI Multi Panels and HMI Mobile Panels, and S7-300/S7-400 devices.

CVE-2017-2681 has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been calculated; the CVSS vector string is (AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
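
For monitoring the local Ethernet segment, a passive check can flag PROFINET DCP frames that come from unexpected sources or whose length fields are inconsistent. The Python code below is an added example, not part of the advisory and not Siemens code; it is a generic structural check, not a signature for CVE-2017-2680 or CVE-2017-2681, since the advisory does not describe the crafted packets. The allowlist, MAC addresses and sample frames are constructed for illustration.

```python
import struct

ETH_P_8021Q, ETH_P_PROFINET = 0x8100, 0x8892
DCP_FRAME_IDS = {0xFEFC: "Hello", 0xFEFD: "Get/Set",
                 0xFEFE: "Identify request", 0xFEFF: "Identify response"}

def inspect_dcp(frame, allowed_src):
    """Return None for non-DCP frames, else (dcp_type, src_mac, findings)."""
    if len(frame) < 14:
        return None
    src, off = frame[6:12].hex(":"), 12
    (etype,) = struct.unpack_from("!H", frame, off)
    if etype == ETH_P_8021Q and len(frame) >= 18:   # skip one 802.1Q tag
        off += 4
        (etype,) = struct.unpack_from("!H", frame, off)
    hdr = off + 4                                   # past EtherType + FrameID
    if etype != ETH_P_PROFINET or len(frame) < hdr:
        return None
    (frame_id,) = struct.unpack_from("!H", frame, off + 2)
    if frame_id not in DCP_FRAME_IDS:
        return None                                 # cyclic RT data, alarms, ...
    findings = [] if src in allowed_src else ["source MAC not in allowlist"]
    if len(frame) < hdr + 10:
        return DCP_FRAME_IDS[frame_id], src, findings + ["truncated DCP header"]
    # ServiceID, ServiceType, Xid, ResponseDelay, DCPDataLength
    _sid, _stype, _xid, _delay, data_len = struct.unpack_from("!BBIHH", frame, hdr)
    body, pos = frame[hdr + 10:], 0
    if data_len > len(body):
        findings.append("DCPDataLength exceeds frame")
        data_len = len(body)
    while pos < data_len:                           # walk Option/Suboption/Length blocks
        if pos + 4 > data_len:
            findings.append("truncated block header")
            break
        _opt, _sub, blen = struct.unpack_from("!BBH", body, pos)
        if pos + 4 + blen > data_len:
            findings.append("block length overruns DCPDataLength")
            break
        pos += 4 + blen + (blen & 1)                # blocks are padded to even length
    return DCP_FRAME_IDS[frame_id], src, findings

# Constructed sample frames (all MAC addresses and field values are made up).
ALLOWED = {"00:1b:1b:aa:bb:01"}                     # hypothetical engineering station
ETH = "010ecf000000" "%s" "8892" "fefe" "0500" "00000001" "0001"
GOOD = bytes.fromhex(ETH % "001b1baabb01" + "0004" "ffff0000")            # Identify All
ODD = bytes.fromhex(ETH % "020000000099" + "0008" "02020040" "00000000")  # length mismatch

if __name__ == "__main__":
    for f in (GOOD, ODD):
        print(inspect_dcp(f, ALLOWED))
```

Frames would normally come from a SPAN port or tap on the PROFINET segment; findings are a prompt for investigation, not proof of an attack.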

4.3 BACKGROUND

4.4 RESEARCHER

Duan JinTong, Ma ShaoShuai, and Cheng Lei from NSFOCUS Security Team reported these vulnerabilities directly to Siemens.

5. MITIGATIONS

The attacker must have network access to the local Ethernet segment (Layer 2).

Siemens strongly recommends verifying the affected products are protected as described in the PROFINET Security Guidelines and Siemens Operational Guidelines to run the devices in a protected IT environment.

Siemens provides firmware updates fixing the vulnerabilities for the following affected products and recommends users update to the new fixed version:

——— Begin Update S Part 3 of 3 ———

——— End Update S Part 3 of 3 ———

Siemens is preparing updates for the remaining affected products and recommends the following mitigations in the meantime:

As a general security measure Siemens and PNO strongly recommend protecting industrial control systems networks with appropriate mechanisms. Siemens encourages users to verify that the affected products are protected as described in PNO Security Guidelines and Siemens operational guidelines to run the devices in a protected IT environment.

For more information on these vulnerabilities and more detailed mitigation instructions, please see Siemens security advisory SSA-293562.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on us-cert.cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on us-cert.cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.

No known public exploits specifically target these vulnerabilities.

Source:

https://us-cert.cisa.gov/ics/advisories/ICSA-17-129-02
