Earlier this week (still getting caught up) the DHS ICS-CERT published two advisories for control system vulnerabilities in Siemens products. One was for a new denial-of-service vulnerability in the Simatic S7-1500 CPU and the other was an update of an earlier HeartBleed advisory.
This advisory addresses a vulnerability in the handling of specially crafted TCP packets that could cause the CPU to restart and remain in STOP mode, which would require a manual reset. It was originally reported by Arnaud Ebalard from Agence Nationale de la Sécurité des Systèmes d’Information (ANSSI) in a coordinated disclosure.
Siemens has produced a firmware update that mitigates the vulnerability. There is no indication that Ebalard has been given the opportunity to verify the efficacy of the fix.
ICS-CERT reports that a moderately skilled attacker could remotely exploit this vulnerability. The Siemens ProductCERT advisory clarifies that network access is required to exploit the vulnerability.
This advisory updates the Siemens HeartBleed Advisory originally issued on July 17th and previously updated on July 23rd. The new update:
• Provides affected version information not previously provided for the S7-1500 product;
• Provides a link to the newly available S7-1500; and
• Removes the alternative mitigation measures previously provided for the S7-1500.
The Siemens ProductCERT advisory was also updated.
NOTE: Siemens reports that they are continuing to work on HeartBleed fixes for their ROX 1, ROX 2, and CP1543-1 products.