SCADA Vulnerabilities & Exposures (SVE)

CRITIFENCE® SCADA Vulnerabilities and Exposures Database (SVE)

[SVE-794258978] Siemens Industrial Products glibc Library Vulnerability

| Date | Type | Platform | Author | EDB-ID | CVE-ID | OSVDB-ID | Download / App / SIS Signature |
|---|---|---|---|---|---|---|---|
| 2016-04-14 | OTHER | Siemens | Fermin J. Serna, Gynvael Coldwind, Thomas Garnier | N/A | 2015-7547 | N/A | N/A |

#
# Siemens Industrial Products glibc Library Vulnerability
#


### OVERVIEW

Siemens reports that a buffer overflow vulnerability in the glibc library could affect several of its industrial products. Siemens has produced updates to mitigate this vulnerability in ROX II and APE devices. Siemens provides specific mitigations for SINEMA Remote Connect, SCALANCE M-800/S615, and Basic RT V13 until a patch is available for these products.

This vulnerability could be exploited remotely. Exploits that target this vulnerability are known to be publicly available.




### AFFECTED PRODUCTS

Siemens reports that the vulnerability affects the following products:

* ROX II: V2.3.0-V2.9.0 (inclusive),
* APE (Linux): All versions,
* SINEMA Remote Connect: All versions,
* SCALANCE M-800/S615: All versions, and
* Basic RT V13: All versions.






### IMPACT

An attacker who successfully exploits this vulnerability may be able to cause a denial-of-service condition in the affected devices or possibly execute arbitrary code.

Impact to individual organizations depends on many factors that are unique to each organization. NCCIC/ICS-CERT recommends that organizations evaluate the impact of this vulnerability based on their operational environment, architecture, and product implementation.






### BACKGROUND

Siemens is a multinational company headquartered in Munich, Germany.

Siemens ROX-based devices are used to connect devices that operate in harsh environments such as electric utility substations and traffic control cabinets. RUGGEDCOM APE is a utility-grade computing platform that plugs directly into any member of the RUGGEDCOM RX1500 family and makes it possible to run third-party software applications without an external industrial PC. SINEMA Remote Connect is a management platform for remote networks allowing users to manage and maintain tunnel connections (VPN) between networks, machines, and sites. SCALANCE security modules provide filtering of incoming and outgoing network connections with stateful packet inspection.

According to Siemens, the affected devices are deployed across several sectors including Chemical, Communications, Critical Manufacturing, Dams, Energy, Food and Agriculture, Government Facilities, Healthcare and Public Health, Transportation Systems, and Water and Wastewater Systems. Siemens estimates that these products are used worldwide.





### VULNERABILITY CHARACTERIZATION


# VULNERABILITY OVERVIEW

IMPROPER RESTRICTION OF OPERATIONS WITHIN THE BOUNDS OF A MEMORY BUFFER

There is a stack-based buffer overflow vulnerability in the glibc library's client-side DNS resolver.
CVE-2015-7547 has been assigned to this vulnerability. A CVSS v3 base score of 8.1 has been calculated; the CVSS vector string is (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).






### VULNERABILITY DETAILS


# EXPLOITABILITY

This vulnerability could be exploited remotely.


# EXISTENCE OF EXPLOIT

Exploits that target this vulnerability are publicly available:
https://github.com/fjserna/CVE-2015-7547/archive/master.zip


# DIFFICULTY

Crafting a working exploit for this vulnerability would be difficult.





### MITIGATION

Siemens provides updates for the following products and encourages customers to update their products:

* ROX II: Update to version 2.9.1
    * Submit a support request online: https://www.siemens.com/automation/support-request
    * Call a local hotline center: https://w3.siemens.com/aspa_app/

* APE (Linux): Follow the update process provided in the corresponding application note: http://support.automation.siemens.com/WW/view/en/109485761


Siemens recommends applying the following mitigations until patches are available for SINEMA Remote Connect, SCALANCE M-800/S615, and Basic RT V13:

* Disable use of DNS on affected devices if possible.
* Use trusted DNS servers, trusted networks/providers, and known trusted DNS domains in device configuration.
* Or limit the size of DNS responses to 512 bytes for UDP messages and 1024 bytes for TCP messages at the network border.
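
The response-size limits in the interim mitigation can also be checked against captured traffic. The following Python is an added example, not part of the Siemens advisory: it flags DNS responses larger than 512 bytes over UDP or 1024 bytes over TCP. The function names and sample messages are constructed for illustration, and it assumes the TCP limit applies to the DNS message without its 2-byte length prefix.

```python
import struct

# Limits from the advisory's interim mitigation, in DNS message bytes.
UDP_LIMIT = 512
TCP_LIMIT = 1024  # assumption: excludes the 2-byte TCP length prefix
HEADER_LEN = 12   # fixed DNS header size (RFC 1035, section 4.1.1)


def is_response(msg: bytes) -> bool:
    """True if msg holds a full DNS header with the QR (response) bit set."""
    if len(msg) < HEADER_LEN:
        return False
    flags = struct.unpack("!H", msg[2:4])[0]
    return bool(flags & 0x8000)


def split_tcp_messages(stream: bytes):
    """Yield (declared_len, message) for each DNS message in a TCP stream.

    DNS over TCP prefixes each message with a 2-byte big-endian length
    (RFC 1035, section 4.2.2). A message cut short by the capture is
    yielded with whatever bytes are present, so its declared size still counts.
    """
    offset = 0
    while offset + 2 <= len(stream):
        (declared,) = struct.unpack("!H", stream[offset:offset + 2])
        yield declared, stream[offset + 2:offset + 2 + declared]
        offset += 2 + declared


def oversized_responses(transport: str, payload: bytes):
    """Return the sizes of DNS responses in payload that exceed the limit."""
    if transport == "udp":
        candidates = [(len(payload), payload)]
        limit = UDP_LIMIT
    elif transport == "tcp":
        candidates = list(split_tcp_messages(payload))
        limit = TCP_LIMIT
    else:
        raise ValueError("transport must be 'udp' or 'tcp'")
    return [size for size, msg in candidates
            if is_response(msg) and size > limit]


def make_response(size: int, txid: int = 0x1234) -> bytes:
    """Constructed sample: DNS header with QR=1, zero-padded to size bytes."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    return header + b"\x00" * (size - HEADER_LEN)
```

Queries (QR bit clear) are ignored, so only traffic returning toward the resolver on the affected device is measured against the limits.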

As a general security measure, Siemens strongly recommends protecting network access to nonperimeter devices with appropriate mechanisms. Siemens advises configuring the environment according to Siemens operational guidelines in order to run the devices in a protected IT environment.

For more information on this vulnerability and more detailed mitigation instructions, please see Siemens Security Advisory SSA-301706 at the following location:

http://www.siemens.com/cert/advisories