Today the DHS ICS-CERT published two control system security
advisories for separate Siemens SIMATIC products. They also updated a third
Siemens advisory that was originally
reported on November 8th, 2016. These were reported by Siemens earlier on
Twitter (here, here and here).
Siemens SIMATIC CP 1543-1 Advisory
This advisory
describes two vulnerabilities in the Siemens SIMATIC CP 1543-1 communications
processor. The vulnerabilities were reported by SOGETI via Agence nationale de
la sécurité des systèmes d’information (ANSSI). Siemens has produced a firmware
update to mitigate the vulnerabilities. There is no indication that SOGETI has
been provided an opportunity to verify the efficacy of the fix.
The two reported vulnerabilities are:
• Improper input validation - CVE-2016-8561; and
• Improper privilege management - CVE-2016-8562
ICS-CERT reports that it would be difficult to craft a
workable exploit of these vulnerabilities, but that they could be exploited
remotely to elevate privileges on the affected devices or cause a
denial-of-service condition. Siemens reports
that: “Vulnerability 2 only applies if SNMPv1 is activated or SNMPv3 write
access is activated.”
Siemens SIMATIC CP 343-1 Advisory
This advisory
describes two vulnerabilities in multiple Siemens SIMATIC products. The
vulnerabilities were reported by Inverse Path auditors and the Airbus ICT
Industrial Security team. Siemens has produced a new firmware version for some
of the affected products and a workaround for the others. There is no indication
that either of the reporting agencies was provided an opportunity to verify the
efficacy of the fix.
The reported vulnerabilities are:
• Insufficient verification of data authenticity - CVE-2016-8673; and
• Sensitive cookie in HTTPS session without secure attribute - CVE-2016-8672
ICS-CERT reports that a relatively unskilled attacker could
remotely exploit these vulnerabilities to perform operations as an
authenticated user. Siemens reports
that the first vulnerability would require a social engineering attack.
Siemens Update
This update
provides updated affected version data and mitigation information for WinCC
v7.3.