Serious vulnerability found in many Siemens industrial products

07.12.2017

Siemens-vulnerability

 

Several Siemens product lines are affected by a serious vulnerability that can be exploited by a remote hacker to cause systems to enter a DoS condition.

The vulnerability is tracked as CVE-2017-12741 and is rated high severity.

The issue has been reported to Siemens by cybersecurity specialist George Lashenko of CyberX.

Among the products affected are SIMATIC S7-200 Smart micro-PLCs for small automation applications, some SIMATIC S7 CPUs, SIMATIC WinAC RTX software controllers, SIMATIC ET 200 PROFINET interface modules, SIMATIC PN/PN couplers, SIMATIC Compact field units, development kits for PROFINET IO, SIMOTION motion control systems, SINAMICS converters, SINUMERIK CNC automation solutions, SIMOCODE motor management systems, and SIRIUS 3RW motor soft starters.

Hackers can cause affected systems to malfunction by sending them specially crafted packets via UDP port 161, which is used for the simple network management protocol (SNMP). In order to recover from the DoS condition, the devices must be manually restarted.

For exploitation, however, hackers must have network access.

According to CyberX, there are roughly 2,000 Siemens devices accessible from the Internet, including approximately 400 that have an open SNMP port, which could make them vulnerable to this exploit.

“DoS vulnerabilities shouldn’t be taken lightly,” CyberX said. “The December 2016 attack on the Ukrainian electrical grid used this type of exploit to disable protection relays and make it more difficult for operators to recover.”

The company has released firmware updates that patch the vulnerability in some SIMATIC S7, EK-ERTEC, SIMOTION and SINAMICS products.

Until patches become available for the other affected products, Siemens recommends disabling SNMP, which fully mitigates the vulnerability, protecting network access to port 161, applying defense-in-depth and cell protection concepts, and using VPNs.

Would you like to comment on this article?

Share

Latest news

15.12.2017

Hacker removed malware from Netgear site, the company failed to do so for 2 years

An anonymous hacker has removed malware from a Netgear site after the company failed to clean up a malware infection for more than two years.

15.12.2017

Hacker robbed church in Northern Ireland

The hacker told the priest that the church computer should be remotely accessible to fix an internet problem.

15.12.2017

Synaptics to remove keylogger from its drivers

The company has decided to remove the keylogger functionality from its products.

Sign up for our online newsletter!