OTPulse

Siemens SIMATIC RF Manager ActiveX Buffer Overflow

Low Risk · ICS-CERT ICSA-13-014-01 · Oct 18, 2013
Summary

SIMATIC RF Manager is vulnerable to a buffer overflow in an ActiveX control. The vulnerability affects SIMATIC RF Manager 2008 (all versions) and SIMATIC RF Manager Basic (version 3.0 and earlier). An attacker could exploit this to execute arbitrary code on systems running the vulnerable software.

What this means
What could happen
An attacker with access to a system running the vulnerable ActiveX control could execute arbitrary code, potentially compromising the engineering workstation and any connected RF infrastructure it manages, affecting wireless device configuration and communication.
Who's at risk
Manufacturing facilities and utilities using Siemens SIMATIC RF Manager for wireless device management should be concerned. This affects engineering workstations running SIMATIC RF Manager 2008 or SIMATIC RF Manager Basic v3.0 or earlier, particularly those managing industrial wireless networks for sensors, identification, or data collection.
How it could be exploited
An attacker could craft a malicious file or web page that triggers the buffer overflow in the ActiveX control when opened by a user on an engineering workstation. If the workstation has network connectivity to RF devices or the control system, the attacker could then issue commands to alter RF device configuration or wireless network parameters.
Prerequisites
  • ActiveX control must be installed and enabled on the target engineering workstation
  • User must open a malicious file or visit a malicious web page on the affected workstation
  • The workstation must have network connectivity to SIMATIC RF infrastructure being managed
buffer overflow vulnerability · ActiveX control (typically requires user interaction) · no patch available · affects engineering workstations · low EPSS score but no compensating vendor fix
Exploitability
Moderate exploit probability (EPSS 2.1%)
Affected products (2)
2 EOL
Product | Affected Versions | Fix Status
SIMATIC RF Manager Basic: <=v3.0 | ≤ v3.0 | No fix (EOL)
SIMATIC RF Manager 2008: vers:all/* | All versions | No fix (EOL)
Remediation & Mitigation
Do now
WORKAROUND: Disable or restrict ActiveX controls in web browsers and applications on engineering workstations if not required for SIMATIC RF Manager operation
Mitigations - no patch available
The following products have reached End of Life with no planned fix: SIMATIC RF Manager Basic: <=v3.0, SIMATIC RF Manager 2008: vers:all/*. Apply the following compensating controls:
HARDENING: Isolate engineering workstations running SIMATIC RF Manager from general network access; restrict to management network only
HARDENING: Implement network access controls to limit which systems can connect to SIMATIC RF Manager workstations
HARDENING: Train operators and engineers to avoid opening untrusted files or visiting untrusted websites on engineering workstations
HARDENING: Monitor Siemens security updates for SIMATIC RF Manager or successor products that may address this vulnerability