|2017-06-29||Other||Siemens||Maksim Malyutin from Embedi reported this issue to Intel.
# Siemens SIMATIC Industrial PCs, SINUMERIK Panel Control Unit, and SIMOTION P320
### VULNERABLE VENDOR
### VULNERABLE PRODUCT
SIMATIC Industrial PCs, SINUMERIK Panel Control Unit (PCU), SIMOTION P320
Maksim Malyutin from Embedi reported this issue to Intel.
### AFFECTED PRODUCTS
Siemens reports that the vulnerability affects Siemens Industrial products which use Intel processors (Intel Core i5, Intel Core i7 and Intel XEON):
SIMATIC Industrial PCs
SINUMERIK Panel Control Unit (PCU)
Please see Siemens Security Advisory SSA-874235
(link is external)
for the full list of affected versions.
A remote attacker can gain system privileges by exploiting this vulnerability.
### VULNERABILITY OVERVIEW
PERMISSIONS, PRIVILEGES, AND ACCESS CONTROLS CWE-264
Unprivileged local or remote attackers can gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology (AMT), Intel Standard Manageability (ISM) and Intel Small Business Technology (SBT)
CVE-2017-5689 has been assigned to this vulnerability.
A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Critical Infrastructure Sectors: Chemical, Commercial Facilities, Critical Manufacturing, Energy, Food and Agriculture, Water and Wastewater Systems
Countries/Areas Deployed: Worldwide
Company Headquarters Location: Germany
Siemens has provided firmware updates for the various industrial PCs to address this vulnerability. It can be found on their web site at the following location:
Siemens is working on updates for the remaining products, and recommends that users implement the following mitigations:
Ensure that AMT is set to “un-configured” in the BIOS-Setup.
The manufacturer settings for “iAMT” in the BIOS-Setup should always be “unconfigured” and “disabled”.
To un-configure iAMT please go into BIOS-Setup “Advanced->Active Management Technology Support” and set the variable “Un-configure” to , save the changes with F10. Afterwards reboot and verify that iAMT is un-configured and reset.
Protect network access to Ports 16992/TCP, 16993/TCP, 16994/TCP, 16995/TCP, 623/TCP, and 664/TCP.
Siemens strongly recommends users protect network access to the non-perimeter industrial products with appropriate mechanisms. Siemens also advises that users configure the operational environment according to Siemens’ Operational Guidelines for Industrial Security:
For more a specific list of affected products and more detailed mitigation instructions, please see Siemens Security Advisory SSA-874235 at the following location:
For more information about this vulnerability, please see Intel Security Advisory – INTEL-SA-00075 at the following location: