SCADA Vulnerabilities & Exposures (SVE)

CRITIFENCE® SCADA Vulnerabilities and Exposures Database (SVE)

[SVE-619221758] Siemens industrial products using the Discovery Service of the OPC UA protocol stack by the OPC foundation

| Date | Type | Platform | Author | EDB-ID | CVE-ID | OSVDB-ID | Download App | SIS Signature |
|---|---|---|---|---|---|---|---|---|
| 2017-08-31 | OPC | Siemens | Sergey Temnikov of Kaspersky Lab reported this vulnerability to Siemens. | N/A | CVE-2017-1206 | N/A | N/A | N/A |

Source

						
							
								
#
# Siemens industrial products using the Discovery Service of the OPC UA protocol stack by the OPC foundation
#


### VULNERABLE VENDOR
Siemens


### VULNERABLE PRODUCT
Industrial products using the Discovery Service of the OPC UA protocol stack by the OPC foundation



### RESEARCHER
Sergey Temnikov of Kaspersky Lab reported this vulnerability to Siemens.



### AFFECTED PRODUCTS

Siemens reports that the vulnerability affects the following industrial products, which use the Discovery Service of the OPC UA protocol stack by the OPC Foundation:

SIMATIC PCS 7:

V7.1 and earlier versions
V8.0: All versions
V8.1: All versions

SIMATIC WinCC:

V7.0: All versions
V7.2: All versions
V7.3: All versions
V7.4: All versions prior to V7.4 SP1

SIMATIC WinCC Runtime Professional:

V13: All versions
V14: All versions prior to V14 SP1

SIMATIC NET PC Software: All versions

SIMATIC IT Production Suite: All versions



### IMPACT

Successful exploitation of this vulnerability may allow an attacker to access various resources.



### VULNERABILITY OVERVIEW

IMPROPER RESTRICTION OF XML EXTERNAL ENTITY REFERENCE ('XXE') CWE-611

By sending specially crafted packets to the OPC Discovery Server at port 4840/TCP, an attacker might cause the system to access various resources chosen by the attacker.
CVE-2017-12069 has been assigned to this vulnerability.
A CVSS v3 base score of 8.2 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H).





### BACKGROUND

Critical Infrastructure Sectors: Chemical, Energy, Food and Agriculture, Water and Wastewater Systems
Countries/Areas Deployed: Worldwide
Company Headquarters Location: Germany




### MITIGATION

Siemens provides fixes for the following products and recommends users upgrade to the newest version:

SIMATIC PCS 7:

All versions prior to V9.0: Follow FAQ:

https://support.industry.siemens.com/cs/ww/en/view/109749461


SIMATIC WinCC:

V7.4: Update to V7.4 SP1
https://support.industry.siemens.com/cs/ww/en/view/109746038


All other versions: Follow FAQ to turn off the service after commissioning:

https://support.industry.siemens.com/cs/ww/en/view/109749461


SIMATIC WinCC Runtime Professional:

Update to V14 SP1
https://support.industry.siemens.com/cs/ww/en/view/109746276


All other versions: Follow FAQ to turn off the service after commissioning:

https://support.industry.siemens.com/cs/ww/en/view/109749461


SIMATIC NET PC Software:

Follow FAQ to turn off the service after commissioning:

https://support.industry.siemens.com/cs/ww/en/view/109749461


Siemens is preparing further updates and recommends the following mitigations in the meantime:

Turn off the Discovery Service or block it on the local firewall,
Apply cell protection concept,
Use VPN for protecting network communication between cells, and
Apply Defense in Depth.
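
One way to check and apply the first mitigation above on a Windows host, as an added example that is not taken from Siemens' advisory or FAQ. It assumes the NetTCPIP and NetSecurity cmdlets (Windows 8 / Server 2012 or later) and the 4840/TCP port stated in the overview; the rule name is a hypothetical choice.

```powershell
#Requires -RunAsAdministrator
# Added example, not Siemens or OPC Foundation code.
# Assumption: the Discovery Service listens on 4840/TCP, as the advisory states.
[CmdletBinding(SupportsShouldProcess)]
param(
    [int]$Port = 4840,
    [string]$RuleName = 'Block inbound OPC UA Discovery 4840/TCP'  # hypothetical name
)

# 1. Report any listener on the port with its owning process and Windows service.
#    LocalAddress matters: a listener bound only to 127.0.0.1 is not reachable remotely.
$listeners = Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue
if (-not $listeners) {
    Write-Output "No listener on TCP/$Port on this host."
}
foreach ($l in $listeners) {
    $proc = Get-Process -Id $l.OwningProcess -ErrorAction SilentlyContinue
    $svc  = Get-CimInstance Win32_Service -Filter "ProcessId = $($l.OwningProcess)"
    [pscustomobject]@{
        LocalAddress = $l.LocalAddress
        Port         = $l.LocalPort
        Process      = $proc.ProcessName
        Service      = ($svc.Name -join ', ')
        StartMode    = ($svc.StartMode -join ', ')
    }
}

# 2. Look for an enabled inbound block rule that names this port explicitly.
#    Port ranges in existing rules are not expanded here.
$blocking = Get-NetFirewallPortFilter -Protocol TCP |
    Where-Object { $_.LocalPort -contains "$Port" } |
    Get-NetFirewallRule |
    Where-Object { $_.Direction -eq 'Inbound' -and $_.Action -eq 'Block' -and $_.Enabled -eq 'True' }

# 3. Create the block rule only if none exists. Block rules override allow rules
#    in Windows Firewall, so this also cuts off remote clients that rely on discovery.
if ($blocking) {
    Write-Output "Inbound block rule already present: $($blocking.DisplayName -join '; ')"
} elseif ($PSCmdlet.ShouldProcess("TCP/$Port", 'Create inbound block rule')) {
    New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Protocol TCP `
        -LocalPort $Port -Action Block -Profile Any | Out-Null
    Write-Output "Created rule '$RuleName'."
}
```

Run it with `-WhatIf` first to see the listener report and the rule it would create without changing the firewall.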

Siemens recommends users protect network access with appropriate mechanisms such as firewalls, segmentation, and VPNs. Siemens also advises that users configure the operational environment according to Siemens' Operational Guidelines for Industrial Security:

https://www.siemens.com/cert/operational-guidelines-industrial-security


For more information on this vulnerability and more detailed mitigation instructions, please see Siemens Security Advisory SSA-535640 at the following location:

http://www.siemens.com/cert/advisories


The OPC Foundation also published a security bulletin for this vulnerability:

https://opcfoundation-onlineapplications.org/faq/SecurityBulletins/OPC_Foundation_Security_Bulletin_CVE-2017-12069.pdf