SCADA Vulnerabilities & Exposures (SVE)

CRITIFENCE® SCADA Vulnerabilities and Exposures Database (SVE)

[SVE-467200707] Siemens SIMATIC NET PC-Software Denial-of-Service Vulnerability

| Date | Type | Platform | Author | EDB-ID | CVE-ID | OSVDB-ID | Download App | SIS Signature |
|---|---|---|---|---|---|---|---|---|
| 2016-07-26 | SOFTWARE | Siemens SIMATIC NET PC-Software | Vladimir Dashchenko and Sergey Temnikov | N/A | 2016-5874 | N/A | N/A | N/A |

Source
#
# Siemens SIMATIC NET PC-Software Denial-of-Service Vulnerability
#


### OVERVIEW

Siemens has identified a denial-of-service vulnerability in SIMATIC NET PC-Software. Vladimir Dashchenko and Sergey Temnikov from Kaspersky Labs reported this issue directly to Siemens. Siemens has produced a new version to mitigate this vulnerability.

This vulnerability could be exploited remotely.




### AFFECTED PRODUCTS

Siemens reports that the vulnerability affects the following SIMATIC products:

SIMATIC NET PC-Software: All versions prior to V13 SP2






### IMPACT

A successful exploit of this vulnerability could cause a denial-of-service condition that would require a manual restart to recover.

Impact to individual organizations depends on many factors that are unique to each organization. NCCIC/ICS-CERT recommends that organizations evaluate the impact of this vulnerability based on their operational environment, architecture, and product implementation.






### BACKGROUND

Siemens is a multinational company headquartered in Munich, Germany.

The affected product, the Siemens SIMATIC NET PC-Software, is designed for communication between controllers (PLCs) and PC-based solutions (HMIs). According to Siemens, the SIMATIC NET PC-Software is deployed across several sectors including Chemical, Critical Manufacturing, and Food and Agriculture. Siemens estimates that this product is used worldwide.





### VULNERABILITY CHARACTERIZATION


# VULNERABILITY OVERVIEW

RESOURCE EXHAUSTION

Specially crafted packets sent to several ports (Port 55101/TCP through Port 55105/TCP, Port 4845/TCP, and Port 4847/TCP through Port 4850/TCP) could cause a denial-of-service of the OPC-Unified Architecture (UA) service. A manual restart of the service is required to recover the system.

CVE-2016-5874 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been calculated; the CVSS vector string is (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).





### VULNERABILITY DETAILS


# EXPLOITABILITY

This vulnerability could be exploited remotely.


# EXISTENCE OF EXPLOIT

No known public exploits specifically target this vulnerability.


# DIFFICULTY

An attacker with low skill would be able to exploit this vulnerability.





### MITIGATION

Siemens provides SIMATIC NET PC-Software V13 SP2, which fixes the vulnerability, and recommends users upgrade to the new version. SIMATIC NET PC-Software V13 SP2 can be obtained by contacting your local Siemens representative or customer support.

If OPC-UA is not required, Siemens recommends deactivating it in the communication settings according to the information in the respective product manual.

As a general security measure, Siemens strongly recommends protecting network access to SIMATIC NET PC-Software services with appropriate mechanisms. It is advised to configure the environment according to Siemens operational guidelines in order to run the devices in a protected IT environment.

https://www.siemens.com/cert/operational-guidelines-industrial-security

For more information on this vulnerability and detailed instructions, please see Siemens Security Advisory SSA-453276 at the following location:
http://www.siemens.com/cert/advisories
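
To support the network-access recommendation above, the following Python code is an added example (not part of the Siemens or ICS-CERT advisory): it reads Windows `netstat -ano` output taken on a SIMATIC NET PC-Software host and reports which of the ports named in the vulnerability overview are listening on a non-loopback address. The function name, sample output, addresses and PIDs are constructed for illustration.

```python
import re

# Affected TCP ports exactly as listed in the advisory text:
# 55101-55105, 4845, and 4847-4850.
AFFECTED_PORTS = set(range(55101, 55106)) | {4845} | set(range(4847, 4851))

# One listening TCP row of `netstat -ano`, e.g.
#   TCP    0.0.0.0:55101    0.0.0.0:0    LISTENING    2184
LISTEN_ROW = re.compile(
    r"^\s*TCP\s+(?P<addr>\S+):(?P<port>\d+)\s+\S+\s+LISTENING(?:\s+(?P<pid>\d+))?\s*$"
)
LOOPBACK_PREFIXES = ("127.", "[::1]")


def exposed_listeners(netstat_text):
    """Return sorted (port, local_address, pid) tuples for affected ports
    bound to a non-loopback address. Established sessions are ignored."""
    findings = set()
    for line in netstat_text.splitlines():
        m = LISTEN_ROW.match(line)
        if not m:
            continue
        port, addr = int(m.group("port")), m.group("addr")
        if port in AFFECTED_PORTS and not addr.startswith(LOOPBACK_PREFIXES):
            findings.add((port, addr, m.group("pid") or ""))
    return sorted(findings)


# Constructed sample output (not captured from a real system).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:4845           0.0.0.0:0              LISTENING       2184
  TCP    127.0.0.1:4847         0.0.0.0:0              LISTENING       2184
  TCP    192.168.10.20:55101    0.0.0.0:0              LISTENING       2184
  TCP    192.168.10.20:4846     0.0.0.0:0              LISTENING       2184
  TCP    192.168.10.20:55103    192.168.10.31:49822    ESTABLISHED     2184
  TCP    [::]:55105             [::]:0                 LISTENING       2184
"""

if __name__ == "__main__":
    for port, addr, pid in exposed_listeners(SAMPLE):
        print(f"affected port {port}/TCP listening on {addr} (PID {pid})")
```

Any row reported on a host still running a version prior to V13 SP2 is a candidate for the upgrade, for deactivating OPC-UA if it is not required, or for restricting network access to the service.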