ICSA-18-023-02 Siemens Industrial Products (Update A)

MonitorCVSS 6.5ICS-CERT ICSA-18-023-02Jan 18, 2018

SiemensManufacturing

Attack path

Attack VectorAdjacent

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

This vulnerability affects Siemens PROFINET extension units and industrial communication modules due to improper resource handling (CWE-400: Uncontrolled Resource Consumption). An attacker on the local Ethernet segment can send specially crafted packets to trigger excessive resource consumption, causing denial of service. The vulnerability affects Extension Units 12\", 15\", 19\", and 22\" PROFINET (firmware <V01.01.01), SIMATIC CP 1242-7 GPRS V2, CP 1243-7 LTE EU/US, CP 1243-8 IRC (firmware <V2.1.82), and SIMATIC CP 1626 (firmware <V1.1).

What this means

What could happen

An attacker on your local network segment could cause a denial of service by exploiting uncontrolled resource allocation, potentially disrupting communication with PROFINET extension units or cellular communication modules used in remote monitoring and process control applications.

Who's at risk

Manufacturing facilities using Siemens PROFINET extension units (12\", 15\", 19\", or 22\" models) for distributed I/O and industrial communication modules (CP 1242-7 GPRS V2, CP 1243-7 LTE, CP 1243-8 IRC, or CP 1626) for cellular or remote connectivity in PLC systems and networked automation equipment.

How it could be exploited

An attacker positioned on the same Ethernet segment (Layer 2 network) as the affected device can send crafted PROFINET or communication protocol packets that trigger excessive resource consumption, exhausting memory or processing capacity and causing the device to become unresponsive or reboot.

Prerequisites

Direct network access to the local Ethernet segment (Layer 2)
No authentication or special credentials required
Device running vulnerable firmware version

Remotely exploitable within local network segmentNo authentication requiredLow attack complexityAffects industrial communication and I/O devicesPatches available but require maintenance window

Exploitability

Some exploitation risk — EPSS score 2.3%

Affected products (8)

8 with fix

ProductAffected VersionsFix Status

Extension Unit 12" PROFINET<V01.01.01v01.01.01

Extension Unit 19" PROFINET<V01.01.01v01.01.01

Extension Unit 22" PROFINET<V01.01.01v01.01.01

SIMATIC CP 1242-7 GPRS V2<V2.1.82v2.1.82

SIMATIC CP 1626<V1.1v1.1

SIMATIC CP 1243-7 LTE/US<V2.1.82v2.1.82

SIMATIC CP 1243-8<V2.1.82v2.1.82

Extension Unit 15" PROFINET<V01.01.01v01.01.01

Remediation & Mitigation

0/6

Schedule — requires maintenance window

0/3

Patching may require device reboot — plan for process interruption

SIMATIC CP 1242-7 GPRS V2

HOTFIXUpgrade SIMATIC CP 1242-7 GPRS V2, CP 1243-7 LTE EU/US, and CP 1243-8 IRC devices to firmware v2.1.82 or later

SIMATIC CP 1626

HOTFIXUpgrade SIMATIC CP 1626 devices to firmware v1.1 or later

All products

HOTFIXUpgrade Extension Unit 12", 15", 19", and 22" PROFINET devices to firmware v01.01.01 or later

Long-term hardening

0/3

HARDENINGImplement a cell protection concept to logically isolate critical control network segments

HARDENINGDeploy VPN encryption for all network communication between networked cells and remote sites

HARDENINGImplement defense-in-depth strategy: place control system networks behind firewalls, isolate from business network, and restrict network access to devices

CVEs (1)

CVE-2017-2680

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/1bc47b0e-ff27-45d5-ad8e-938c5969bc2f

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.