Siemens Firmware Updates Patch SIMATIC Vulnerabilities

Siemens has provided firmware updates addressing vulnerabilities in the SIMATIC WinCC flexible and the SIMATIC S7-300 CPU family.

Siemens has provided firmware updates addressing vulnerabilities in two popular products lines, the SIMATIC WinCC flexible, and the SIMATIC S7-300 CPU family.

The SIMATIC S7-300 flaw is a denial-of-service issue that could be remotely exploited to cause the device to go into defect mode, an advisory from the Industrial Control System Cyber Emergency Response Team (ICS-CERT) said. Admins would need to perform a cold restart to recover affected systems.

SIMATIC S7-300 CPUs with Profinet support prior to V3.2.12, and SIMATIC S7-300 CPUs without Profinet support prior to V3.3.12 are affected, Siemens said.

“Specially crafted packets sent to Port 102/TCP (ISO-TSAP) or via Profibus could cause the affected device to go into defect mode. A cold restart is required to recover the system,” ICS-CERT said, adding that it is unaware of public attacks using this vulnerability.

Siemens urges admins to upgrade to firmware versions V3.2.12 and V3.3.12.

The SIMATIC S7-300 handles process control in a number of industries, including chemical, energy, water and others.

The SIMATIC WinCC Flexible vulnerability puts credentials at risk to remote attack; an attacker who is able to capture network traffic coming from the remote management module to steal user credentials. All versions prior to SP3 Up7 are affected, ICS-CERT said in its advisory.

“The remote management module of SIMATIC WinCC flexible panels and SIMATIC WinCC flexible runtime transmits weakly protected credentials over the network,” ICS-CERT said in its advisory. “Attackers capturing network traffic of the remote management module could possibly reconstruct the credentials.”

ICS-CERT said a skilled attacker could exploit this vulnerability; there are no reports of public attacks.

SIMATIC WinCC Flexible software provides visualization of industrial processes from Windows PCs or a Siemens panel PC. It’s used in a number of critical industries.

Suggested articles

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.

ACCEPT AND CLOSE