Siemens SIMATIC PLCs Affected by DoS Flaw


In a security announcement issued on Tuesday, Siemens AG (SIEMENS, Germany) informed customers that the Central Processing Unit (CPU) of its SIMATIC S7-400 product is affected by a high-severity denial of service (DoS) vulnerability. It is worth noting that the SIMATIC S7-400 and other PLC products produced by Siemens are widely used in China's industrial sector.

SIMATIC S7-400 is a series of Programmable Logic Controllers (PLCs) manufactured by Siemens and designed for process control in industrial environments. They are widely used worldwide in sectors such as the automotive industry, machinery and equipment manufacturing, storage systems, construction engineering, the steel industry, power generation and distribution, pharmaceuticals, food and beverages, and the chemical industry.

Siemens found that affected CPUs do not properly validate S7 communication packets, which can cause the CPU to enter a denial of service state that persists until the CPU is manually restarted.

To exploit this vulnerability, a remote attacker only needs to send a specially crafted S7 communication packet to one of the CPU's communication interfaces: Ethernet, PROFIBUS, or Multi-Point Interface (MPI). No user interaction or privileges are required. A successful attack puts the CPU's core functions into a denial of service state, affecting the availability of the entire system.

| Affected Product and Versions | Remediation |
| --- | --- |
| SIMATIC S7-400 (incl. F) CPU hardware version 4.0 and below: All versions | Upgrade to hardware version 5.0 or newer: https://support.industry.siemens.com/cs/ww/en/view/109483507 |
| SIMATIC S7-400 (incl. F) CPU hardware version 5.0: All firmware versions < V5.2 | Update to firmware version 5.2 or newer: https://support.industry.siemens.com/cs/ww/en/view/109474827 |
| SIMATIC S7-400H CPU hardware version 4.5 and below: All versions | Upgrade to hardware version 6.0 or newer: https://support.industry.siemens.com/cs/ww/en/view/75407031 |
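
The affected-version rows above can be applied to an asset inventory to find which CPUs need a hardware or firmware upgrade. The following is an added example, not Siemens code and not part of the original article; the CSV layout, the asset names and the family labels (`S7-400`, `S7-400F`, `S7-400H`) are assumptions, and the inventory rows are constructed.

```python
import csv
import io

# Constructed sample inventory (asset names and CSV layout are assumptions).
SAMPLE_INVENTORY = """asset,family,hw,fw
plc-press-01,S7-400,4.0,V4.1
plc-mix-02,S7-400F,5.0,V5.1.3
plc-mix-03,S7-400,5.0,V5.2
plc-boiler-04,S7-400H,4.5,V4.5
plc-boiler-05,S7-400H,6.0,V6.0
plc-pack-06,S7-400,5.0,
"""

def parse_version(text):
    """Turn 'V5.2' or '4.0.1' into a 3-part tuple so versions compare numerically."""
    parts = [int(p) for p in text.strip().lstrip("Vv").split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def triage(family, hw, fw=""):
    """Apply the three rows of the affected-version table to one CPU."""
    hwv = parse_version(hw)
    if family == "S7-400H":
        if hwv <= (4, 5, 0):
            return "affected: upgrade to hardware version 6.0 or newer"
    elif family in ("S7-400", "S7-400F"):
        if hwv <= (4, 0, 0):
            return "affected: upgrade to hardware version 5.0 or newer"
        if hwv == (5, 0, 0):
            if not fw.strip():
                # Firmware decides this row; do not guess when it is missing.
                return "unknown: record the firmware version"
            if parse_version(fw) < (5, 2, 0):
                return "affected: update to firmware version 5.2 or newer"
    return "not listed as affected"

def triage_inventory(csv_text):
    """Map each asset name in the CSV to its verdict."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["asset"]: triage(r["family"], r["hw"], r["fw"] or "") for r in rows}

if __name__ == "__main__":
    for asset, verdict in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{asset:15} {verdict}")
```

A CPU at hardware version 5.0 with no recorded firmware version is reported as unknown rather than safe, because the firmware version alone decides whether that row applies.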

 

The vulnerability is identified as CVE-2018-4850 and has a CVSS score of 7.5. It affects SIMATIC S7-400 (incl. F) CPU hardware version 4.0 and earlier, SIMATIC S7-400 (incl. F) CPU hardware version 5.0 with firmware versions earlier than V5.2, and SIMATIC S7-400H CPU hardware version 4.5 and earlier. To fix this vulnerability, Siemens recommends that users update to hardware version 5.0, firmware version 5.2, and hardware version 6.0, respectively.

Siemens said that it has not observed any malicious exploitation of the vulnerability. The affected hardware versions are being phased out or have already been discontinued. Because DoS vulnerabilities can pose a serious threat to industrial environments, users should update to the latest version as soon as possible.