Siemens has provided firmware updates addressing vulnerabilities in two popular products lines, the SIMATIC WinCC flexible, and the SIMATIC S7-300 CPU family.
The SIMATIC S7-300 flaw is a denial-of-service issue that could be remotely exploited to cause the device to go into defect mode, an advisory from the Industrial Control System Cyber Emergency Response Team (ICS-CERT) said. Admins would need to perform a cold restart to recover affected systems.
SIMATIC S7-300 CPUs with Profinet support prior to V3.2.12, and SIMATIC S7-300 CPUs without Profinet support prior to V3.3.12 are affected, Siemens said.
“Specially crafted packets sent to Port 102/TCP (ISO-TSAP) or via Profibus could cause the affected device to go into defect mode. A cold restart is required to recover the system,” ICS-CERT said, adding that it is unaware of public attacks using this vulnerability.
Siemens urges admins to upgrade to firmware versions V3.2.12 and V3.3.12.
The SIMATIC S7-300 handles process control in a number of industries, including chemical, energy, water and others.
The SIMATIC WinCC Flexible vulnerability puts credentials at risk to remote attack; an attacker who is able to capture network traffic coming from the remote management module to steal user credentials. All versions prior to SP3 Up7 are affected, ICS-CERT said in its advisory.
“The remote management module of SIMATIC WinCC flexible panels and SIMATIC WinCC flexible runtime transmits weakly protected credentials over the network,” ICS-CERT said in its advisory. “Attackers capturing network traffic of the remote management module could possibly reconstruct the credentials.”
ICS-CERT said a skilled attacker could exploit this vulnerability; there are no reports of public attacks.
SIMATIC WinCC Flexible software provides visualization of industrial processes from Windows PCs or a Siemens panel PC. It’s used in a number of critical industries.