Siemens SIPROTEC 5 and DIGSI 5 Improper Input Validation (CVE-2019-10931)

high Tenable OT Security Plugin ID 500202

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A vulnerability has been identified in All other SIPROTEC 5 device types with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions ), DIGSI 5 engineering software (All versions < V7.90), SIPROTEC 5 device types 6MD85, 6MD86, 6MD89, 7UM85, 7SA87, 7SD87, 7SL87, 7VK87, 7SA82, 7SA86, 7SD82, 7SD86, 7SL82, 7SL86, 7SJ86, 7SK82, 7SK85, 7SJ82, 7SJ85, 7UT82, 7UT85, 7UT86, 7UT87 and 7VE85 with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions < V7.90), SIPROTEC 5 device types 7SS85 and 7KE85 (All versions < V8.01), SIPROTEC 5 device types with CPU variants CP200 and the respective Ethernet communication modules (All versions < V7.59), SIPROTEC 5 relays with CPU variants CP200 and the respective Ethernet communication modules (All versions <V7.59). Specially crafted packets sent to port 443/TCP could cause a Denial of Service condition.

This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens recommends users upgrade to V7.90 where available and apply the following specific mitigations:

SIPROTEC 5 device types 6MD85, 6MD86, 6MD89, 7UM85, 7SA87, 7SD87, 7SL87, 7VK87, 7SA82, 7SA86, 7SD82, 7SD86, 7SL82, 7SL86, 7SJ86, 7SK82, 7SK85, 7SJ82, 7SJ85, 7UT82, 7UT85, 7UT86, 7UT87 and 7VE85 with CPU variants CP300 and CP100 and the respective Ethernet communication modules:

- Update to firmware Version 7.90. Search for ‘SIPROTEC 5 - DIGSI Device Drivers v7.90’ on the Siemens Industry Online Support site. Firmware Version 7.90 for the communication modules can also be found on each device specific download page. Applying the update causes the device / module to go through a single restart cycle.

DIGSI 5 engineering software:

- Update to DIGSI 5 v7.90 and activate the client authorization feature.

SIPROTEC 5 with CPU variants CP200 and the respective Ethernet communication modules

- CVE-2019-10931: Update to firmware v7.59. Search for ‘SIPROTEC 5 - DIGSI Device Drivers v7.59’ on the Siemens Industry Online Support site. The firmware version v7.59 for the communication modules can also be found on each device specific download page. Applying the update causes the device/module to go through a single restart cycle.

SIPROTEC 5 device types 7SS85 and 7KE85:

- Update to Version 8.01 or later. Search for ‘SIPROTEC 5 - DIGSI Device Drivers’ on the Siemens Industry Online Support site. Applying the update causes the device/module to go through a single restart cycle.

DIGSI 5 engineering software:

- Update to DIGSI 5 v7.90 and activate the client authorization feature.

SIPROTEC 5 with CPU variants CP200 and the respective Ethernet communication modules

- CVE-2019-10931: Update to firmware v7.59. Search for ‘SIPROTEC 5 - DIGSI Device Drivers v7.59’ on the Siemens Industry Online Support site. The firmware version v7.59 for the communication modules can also be found on each device specific download page. Applying the update causes the device/module to go through a single restart cycle.

All other SIPROTEC 5 device types with CPU variants CP300, CP200, and CP100 and the respective Ethernet communication modules:

- Block access to Port 443/TCP e.g., with an external firewall.
- Activate role-based access control (RBAC) in the device (supported in SIPROTEC 5 firmware v7.80 and higher).
- Activate the DIGSI 5 connection password in the device (supported in all SIPROTEC 5 firmware versions).

For more information on this vulnerability and associated software updates, please see Siemens security advisory SSA-899560

See Also

https://cert-portal.siemens.com/productcert/pdf/ssa-899560.pdf

https://www.cisa.gov/news-events/ics-advisories/icsa-19-190-05

Plugin Details

Severity: High

ID: 500202

Version: 1.9

Type: remote

Family: Tenable.ot

Published: 2/7/2022

Updated: 9/4/2024

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS Score Source: CVE-2019-10931

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:siemens:siprotec_5_7sa87_firmware, cpe:/o:siemens:siprotec_5_7um85_firmware, cpe:/o:siemens:siprotec_5_7ut87_firmware, cpe:/o:siemens:siprotec_5_7sj86_firmware, cpe:/o:siemens:siprotec_5_7sl82_firmware, cpe:/o:siemens:siprotec_5_6md85_firmware, cpe:/o:siemens:siprotec_5_7ut85_firmware, cpe:/o:siemens:siprotec_5_7sd82_firmware, cpe:/o:siemens:siprotec_5_7ke85_firmware, cpe:/o:siemens:siprotec_5_7ut82_firmware, cpe:/o:siemens:siprotec_5_7ve85_firmware, cpe:/o:siemens:siprotec_5_7vk87_firmware, cpe:/o:siemens:siprotec_5_7sl87_firmware, cpe:/o:siemens:siprotec_5_7sa86_firmware, cpe:/o:siemens:siprotec_5_7sa82_firmware, cpe:/o:siemens:siprotec_5_6md89_firmware, cpe:/o:siemens:siprotec_5_6md86_firmware, cpe:/o:siemens:siprotec_5_7sd86_firmware, cpe:/o:siemens:siprotec_5_7ss85_firmware, cpe:/o:siemens:siprotec_5_7sj82_firmware, cpe:/o:siemens:siprotec_5_7sj85_firmware, cpe:/o:siemens:siprotec_5_7sk85_firmware, cpe:/o:siemens:siprotec_5_7sl86_firmware, cpe:/o:siemens:siprotec_5_7sd87_firmware, cpe:/o:siemens:siprotec_5_7sk82_firmware, cpe:/o:siemens:siprotec_5_7ut86_firmware

Required KB Items: Tenable.ot/Siemens

Exploit Ease: No known exploits are available

Patch Publication Date: 7/11/2019

Vulnerability Publication Date: 7/11/2019

Reference Information

CVE: CVE-2019-10931

ICSA: 19-190-05