ICSA-18-023-02 Siemens Industrial Products (Update A)
Monitor 6.5 · ICS-CERT ICSA-18-023-02 · Jan 18, 2018
Attack Vector: Adjacent
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
This vulnerability affects Siemens PROFINET extension units and industrial communication modules due to improper resource handling (CWE-400: Uncontrolled Resource Consumption). An attacker on the local Ethernet segment can send specially crafted packets to trigger excessive resource consumption, causing denial of service. The vulnerability affects Extension Units 12", 15", 19", and 22" PROFINET (firmware <V01.01.01), SIMATIC CP 1242-7 GPRS V2, CP 1243-7 LTE EU/US, CP 1243-8 IRC (firmware <V2.1.82), and SIMATIC CP 1626 (firmware <V1.1).
What this means
What could happen
An attacker on your local network segment could cause a denial of service by exploiting uncontrolled resource allocation, potentially disrupting communication with PROFINET extension units or cellular communication modules used in remote monitoring and process control applications.
Who's at risk
Manufacturing facilities using Siemens PROFINET extension units (12", 15", 19", or 22" models) for distributed I/O and industrial communication modules (CP 1242-7 GPRS V2, CP 1243-7 LTE, CP 1243-8 IRC, or CP 1626) for cellular or remote connectivity in PLC systems and networked automation equipment.
How it could be exploited
An attacker positioned on the same Ethernet segment (Layer 2 network) as the affected device can send crafted PROFINET or communication protocol packets that trigger excessive resource consumption, exhausting memory or processing capacity and causing the device to become unresponsive or reboot.
Prerequisites
- Direct network access to the local Ethernet segment (Layer 2)
- No authentication or special credentials required
- Device running vulnerable firmware version
- Remotely exploitable within local network segment
- No authentication required
- Low attack complexity
- Affects industrial communication and I/O devices
- Patches available but require maintenance window
Exploitability
Moderate exploit probability (EPSS 2.3%)
Affected products (8)
8 with fix
| Product | Affected Versions | Fix Status |
| --- | --- | --- |
| Extension Unit 12" PROFINET | <V01.01.01 | Fixed in v01.01.01 |
| Extension Unit 19" PROFINET | <V01.01.01 | Fixed in v01.01.01 |
| Extension Unit 22" PROFINET | <V01.01.01 | Fixed in v01.01.01 |
| SIMATIC CP 1242-7 GPRS V2 | <V2.1.82 | Fixed in v2.1.82 |
| SIMATIC CP 1626 | <V1.1 | Fixed in v1.1 |
| SIMATIC CP 1243-7 LTE/US | <V2.1.82 | Fixed in v2.1.82 |
| SIMATIC CP 1243-8 | <V2.1.82 | Fixed in v2.1.82 |
| Extension Unit 15" PROFINET | <V01.01.01 | Fixed in v01.01.01 |
Remediation & Mitigation
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
SIMATIC CP 1242-7 GPRS V2
HOTFIX: Upgrade SIMATIC CP 1242-7 GPRS V2, CP 1243-7 LTE EU/US, and CP 1243-8 IRC devices to firmware v2.1.82 or later
SIMATIC CP 1626
HOTFIX: Upgrade SIMATIC CP 1626 devices to firmware v1.1 or later
All products
HOTFIX: Upgrade Extension Unit 12", 15", 19", and 22" PROFINET devices to firmware v01.01.01 or later
Long-term hardening
HARDENING: Implement a cell protection concept to logically isolate critical control network segments
HARDENING: Deploy VPN encryption for all network communication between networked cells and remote sites
HARDENING: Implement a defense-in-depth strategy: place control system networks behind firewalls, isolate them from the business network, and restrict network access to devices
CVEs (1)
API:
/api/v1/advisories/1bc47b0e-ff27-45d5-ad8e-938c5969bc2f