ICS-CERT Publishes Two Siemens Advisories and Updates a Third

This morning the DHS ICS-CERT published two new advisories for control system vulnerabilities in products from Siemens and updates a Siemens Advisory initially issued in April, 2016. They also provided some updated information for the Fall 2016 ICSJWG Meeting in Ft. Lauderdale.

Siemens SIMATIC S7-300 Advisory

This advisory describes a denial of service vulnerability in the SIMANTIC S7-300 CPU family. The vulnerability was reported separately by Mate J. Csorba of DNV GL, Marine Cybernetics Services, and Amund Sole of Norwegian University of Science and Technology. Siemens has produced a firmware update to mitigate the vulnerability. There is no indication that the researchers were provided a chance to verify the efficacy of the fix.

ICS-CERT reports that a relatively unskilled attacker could remotely exploit this vulnerability to go into defect mode, requiring a cold restart to recover the system. The Siemens-CERT advisory notes that the attacker would require network access and that enabling read-write protection on the device mitigates the vulnerability.

Siemens reported this yesterday on TWITTER.

Siemens SIMATIC WinCC Advisory

This advisory describes a weakly protected credentials vulnerability in the Siemens SIMATIC WinCC flexible. The vulnerability was reported to Siemens by Gleb Gritsai and Roman Ilin from Positive Technologies. Siemens has produced an update to mitigate the vulnerability. There is no indication that the researchers have been provided an opportunity to verify the efficacy of the fix.

ICS-CERT reports that a highly skilled attacker could remotely exploit this vulnerability to possibly reconstruct user credentials. The Siemens-CERT advisory clarifies that the vulnerable credentials are those for the remote management module.

Siemens reported this yesterday on TWITTER.

Siemens glibc Update

This updates an advisory for a a buffer overflow vulnerability in the glibc library that could affect several of the Siemens industrial products. It updates the affected version numbers for the SINEMA Remote Connect product. It also reports that Siemens has added an update for that product. The SCALANCE M800/S615, and Basic RT V13 products have yet to be updated.

Siemens reported this yesterday on TWITTER. Without this Siemens TWEET we would never have known that the ICS-CERT advisory had been updated; and it still took some searching to find the updated advisory.

ICSJWG Meeting Update

ICS-CERT reports that:

“The ICSJWG Program Office is now accepting abstracts for the 2016 Fall Meeting in Ft. Lauderdale!  We will consider topics among a wide range of issues that relate to industrial control systems cybersecurity and resilience across critical infrastructure.  We encourage everyone who is interested in presenting to submit an abstract, as we look to populate the agenda with a variety of presentations.”

The abstract submission form is available on-line. Registration is now open on-line for attending the meeting.