Siemens SIMATIC, SIMOCODE, SINAMICS, SITOP, and TIM Out-of-Bounds Read (CVE-2019-6568)

high Tenable OT Security Plugin ID 500268

Synopsis

The remote OT asset is affected by a vulnerability.

Description

The webserver of the affected devices contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation which leads to a restart of the webserver of the affected device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens recommends upgrading to the following firmware updates for the products below:

- SIMATIC ET 200 SP Open Controller CPU 1515SP PC (incl. SIPLUS variants): Update to v2.1.6
- SIMATIC ET 200 SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants): Update to v2.7
- SIMATIC HMI Comfort Outdoor Panels 7" & 15" (incl. SIPLUS variants): Update to v15.1 Upd4
- SIMATIC HMI Comfort Panels 4" - 22" (incl. SIPLUS variants): Update to v15.1 Upd4
- SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (incl. SIPLUS variants): Update to v15.1 Upd4
- SIMATIC IPC DiagMonitor: Update to v5.1.3
- SIMATIC RF185C, RF186C, and RF188C: Update to v1.1.0
- SIMATIC RF600R: Update to v3.2.1
- SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants): Update to v2.6.1
- SIMATIC S7-1500 Software Controller: Update to v2.7
- SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants): Update to v3.X.16
- SIMATIC S7-PLCSIM Advanced: Update to v2.0 SP1 Upd1
- SIMATIC WinAC RTX (F) 2010: Update to SP3 and apply BIOS and MS Windows updates
- SIMATIC WinCC Runtime Advanced: Update to v15.1 Upd4
- SIMOCODE pro VPN (incl. SIPLUS variants): Update to v2.1.3

- SIMOCODE pro V EIP (incl. SIPLUS variants): Update to v1.1.3

- SINAMICS G130 v5.1 Control Unit: Update to v5.1 SP1 HF4 or later version, or to latest version ofv5.2
- SINAMICS G130 v5.1 SP1 Control Unit: Update to v5.1 SP1 HF4 or later version
- SINAMICS G150 v5.1 Control Unit: Update to v5.1 SP1 HF4 or later version, or to latest version ofv5.2
- SINAMICS G150 v5.1 SP1Control Unit: Update to v5.1 SP1 HF4 or later version
- SINAMICS S120 v5.1 Control Unit (incl. SIPLUS variants): Update to v5.1 SP1 HF4 or later version, or to latest version ofv5.2
- SINAMICS S120 v5.1 SP1 Control Unit(incl. SIPLUS variants): Update to v5.1 SP1 HF4 or later version
- SINAMICS S150 v5.1 Control Unit: Update to v5.1 SP1 HF4 or later version, or to latest version ofv5.2
- SINAMICS S150 v5.1 SP1 Control Unit: Update to v5.1 SP1 HF4 or later version
- SINAMICS G130 v4.6, v4.7, and v4.7 SP1: Update to v5.2 (latest version)
- SINAMICS G130 v4.8: Update to v4.8 HF6
- SINAMICS G150 v4.6 and v4.7 SP1: Update to v5.2 (latest version)
- SINAMICS G150 v4.8: Update to v4.8 HF6
- SINAMICS S120 v4.6 and v4.7 SP1 (incl. SIPLUS variants): Update to v5.2 (latest version)
- SINAMICS S120 v4.8 (incl. SIPLUS variants): Update to v4.8 HF6
- SINAMICS S150 v4.6 and v4.7 SP1: Update to v5.2 (latest version)
- SINAMICS S150 v4.8: Update to v4.8 HF6
- SITOP Manager: Update to v1.1
- SITOP PSU8600: Update to v1.5
- SITOP UPS1600 (incl. SIPLUS variants): Update to v2.3
- TIM 1531 IRC (incl. SIPLUS NET variants): Update to v2.1

For all other affected products, Siemens has identified the following specific workarounds and mitigations users can apply to reduce the risk:

- Apply appropriate strategies for mitigation as described in the general security recommendation section.
- Restrict network access to the integrated webserver.
- Deactivate the webserver if not required and if deactivation is supported by the product.
- For SINAMICS S, G130, G150 devices: perform upgrade to a new fixed version, for example v5.2.

As a general security measure, Siemens strongly recommends users protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends users configure the environment according to Siemens’ operational guidelines for Industrial Security, and follow the recommendations in the product manuals.

Additional information on industrial security by Siemens can be found at: https://www.siemens.com/industrialsecurity

For more information on the vulnerability and more detailed mitigation instructions, please see Siemens Security Advisory SSA-480230

See Also

https://cert-portal.siemens.com/productcert/pdf/ssa-480230.pdf

https://cert-portal.siemens.com/productcert/pdf/ssa-530931.pdf

https://www.cisa.gov/news-events/ics-advisories/icsa-19-099-06

Plugin Details

Severity: High

ID: 500268

Version: 1.13

Type: remote

Family: Tenable.ot

Published: 2/7/2022

Updated: 9/19/2024

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS Score Source: CVE-2019-6568

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:siemens:simatic_et_200_sp_open_controller_cpu_1515sp_pc_firmware, cpe:/o:siemens:simatic_cp443-1_firmware, cpe:/o:siemens:simatic_cp343-1_advanced_firmware, cpe:/o:siemens:simatic_s7-300_firmware, cpe:/o:siemens:sitop_psu8600_firmware, cpe:/o:siemens:simatic_et_200s_im_151-8f_pn%2fdp_firmware, cpe:/o:siemens:simatic_s7-1500_firmware, cpe:/o:siemens:sitop_ups1600_firmware, cpe:/o:siemens:simatic_s7-400_pn%2fdp_v7_firmware, cpe:/o:siemens:simatic_cp443-1_advanced_firmware, cpe:/o:siemens:simatic_et_200pro_im_154-8_pn%2fdp_firmware, cpe:/o:siemens:simatic_cp443-1_opc_ua_firmware, cpe:/o:siemens:simatic_s7-400_pn%2fdp_v6_firmware, cpe:/o:siemens:simatic_et_200pro_im_154-8fx_pn%2fdp_firmware, cpe:/o:siemens:simatic_s7-300_cpu_314c-2_pn%2fdp_firmware, cpe:/o:siemens:simatic_et_200pro_im_154-8f_pn%2fdp_firmware, cpe:/o:siemens:simatic_et_200_sp_open_controller_cpu_1515sp_pc2_firmware, cpe:/o:siemens:simatic_et_200s_im_151-8_pn%2fdp_firmware

Required KB Items: Tenable.ot/Siemens

Exploit Ease: No known exploits are available

Patch Publication Date: 4/17/2019

Vulnerability Publication Date: 4/17/2019

Reference Information

CVE: CVE-2019-6568

CWE: 125

ICSA: 19-099-06