SCADA Vulnerabilities & Exposures (SVE)

CRITIFENCE® SCADA Vulnerabilities and Exposures Database (SVE)

[SVE-538243660] Siemens SIMATIC Industrial PCs, SINUMERIK Panel Control Unit, and SIMOTION P320

Date: 2017-06-29
Type: Other
Platform: Siemens
Author: Maksim Malyutin from Embedi reported this issue to Intel.
EDB-ID: N/A
CVE-ID: CVE-2017-5689
OSVDB-ID: N/A
Download App: N/A
SIS Signature: N/A

Source
#
# Siemens SIMATIC Industrial PCs, SINUMERIK Panel Control Unit, and SIMOTION P320
#


### VULNERABLE VENDOR
Siemens


### VULNERABLE PRODUCT
SIMATIC Industrial PCs, SINUMERIK Panel Control Unit (PCU), SIMOTION P320



### RESEARCHER
Maksim Malyutin from Embedi reported this issue to Intel.



### AFFECTED PRODUCTS

Siemens reports that the vulnerability affects Siemens Industrial products which use Intel processors (Intel Core i5, Intel Core i7 and Intel XEON):

SIMATIC Industrial PCs
SINUMERIK Panel Control Unit (PCU)
SIMOTION P320

Please see Siemens Security Advisory SSA-874235 for the full list of affected versions.



### IMPACT

A remote attacker can gain system privileges by exploiting this vulnerability.



### VULNERABILITY OVERVIEW

PERMISSIONS, PRIVILEGES, AND ACCESS CONTROLS CWE-264
Unprivileged local or remote attackers can gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology (AMT), Intel Standard Manageability (ISM) and Intel Small Business Technology (SBT).


CVE-2017-5689 has been assigned to this vulnerability.
A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).





### BACKGROUND

Critical Infrastructure Sectors: Chemical, Commercial Facilities, Critical Manufacturing, Energy, Food and Agriculture, Water and Wastewater Systems
Countries/Areas Deployed: Worldwide
Company Headquarters Location: Germany




### MITIGATION

Siemens has provided firmware updates for the various industrial PCs to address this vulnerability. They can be found on the Siemens web site at the following location:

https://support.industry.siemens.com/cs/ww/en/view/109747626


Siemens is working on updates for the remaining products, and recommends that users implement the following mitigations:

Ensure that AMT is set to "un-configured" in the BIOS-Setup.

The manufacturer settings for "iAMT" in the BIOS-Setup should always be "unconfigured" and "disabled".

To un-configure iAMT please go into BIOS-Setup "Advanced->Active Management Technology Support" and set the variable "Un-configure" to <enabled>, save the changes with F10. Afterwards reboot and verify that iAMT is un-configured and reset.

Protect network access to Ports 16992/TCP, 16993/TCP, 16994/TCP, 16995/TCP, 623/TCP, and 664/TCP.
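
One way to check that this port restriction holds, as an added example that is not from Siemens or the original entry: the script scans network firewall flow records for allowed TCP connections to the listed ports from outside a management subnet. The CSV log layout, the `10.10.50.0/24` management network and the sample records are assumptions constructed for illustration.

```python
import csv
import io
import ipaddress

# TCP ports named in the advisory's mitigation list.
AMT_PORTS = {16992, 16993, 16994, 16995, 623, 664}

# Assumption: the only subnet permitted to reach manageability ports.
MGMT_NETS = [ipaddress.ip_network("10.10.50.0/24")]

# Constructed sample records: time,src,dst,proto,dport,action
SAMPLE_LOG = """\
2017-07-01T08:00:01Z,10.10.50.7,10.20.1.15,tcp,16992,allow
2017-07-01T08:00:09Z,10.30.4.22,10.20.1.15,tcp,16992,allow
2017-07-01T08:01:30Z,10.30.4.22,10.20.1.15,tcp,16993,deny
2017-07-01T08:02:11Z,10.30.4.22,10.20.1.16,udp,623,allow
2017-07-01T08:03:45Z,192.0.2.44,10.20.1.17,tcp,664,allow
2017-07-01T08:04:02Z,10.30.4.22,10.20.1.15,tcp,443,allow
"""

FIELDS = ["time", "src", "dst", "proto", "dport", "action"]


def from_mgmt(src):
    """True if the source address lies inside an allowed management net."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in MGMT_NETS)


def find_amt_exposure(log_text):
    """Return allowed TCP flows to AMT ports that originate outside MGMT_NETS."""
    findings = []
    for row in csv.DictReader(io.StringIO(log_text), fieldnames=FIELDS):
        try:
            port = int(row["dport"])
            outside = not from_mgmt(row["src"])
        except (TypeError, ValueError):
            continue  # skip malformed records instead of aborting the audit
        proto = (row["proto"] or "").lower()
        action = (row["action"] or "").lower()
        if proto == "tcp" and port in AMT_PORTS and action == "allow" and outside:
            findings.append((row["time"], row["src"], row["dst"], port))
    return findings


if __name__ == "__main__":
    for time, src, dst, port in find_amt_exposure(SAMPLE_LOG):
        print(f"{time} {src} -> {dst}:{port}/tcp allowed from outside mgmt net")
```

The records should come from a firewall or switch on the network path: AMT traffic is handled by the management engine below the host operating system, so a host firewall on the industrial PC does not see it.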

Siemens strongly recommends users protect network access to the non-perimeter industrial products with appropriate mechanisms. Siemens also advises that users configure the operational environment according to Siemens' Operational Guidelines for Industrial Security:

https://www.siemens.com/cert/operational-guidelines-industrial-security


For a more specific list of affected products and more detailed mitigation instructions, please see Siemens Security Advisory SSA-874235 at the following location:

http://www.siemens.com/cert/advisories


For more information about this vulnerability, please see Intel Security Advisory - INTEL-SA-00075 at the following location:

https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr