ATTENTION: Remotely exploitable/low skill level to exploit.
Equipment: Industrial products
Vulnerability: Improper Input Validation
This updated advisory is a follow-up to the original advisory titled ICSA-17-339-01 Siemens Industrial Products that was published December 5, 2017, on the NCCIC/ICS-CERT web site.
--------- Begin Update A Part 1 of 2 --------
Siemens reports the vulnerability affects the following industrial products:
--------- End Update A Part 1 of 2 --------
Successful exploitation of this vulnerability may allow a remote attacker to conduct a denial-of-service (DoS) attack.
--------- Begin Update A Part 2 of 2 --------
Siemens has provided firmware updates for the following products to fix the vulnerability:
Please contact a Siemens representative for information on how to obtain the update.
--------- End Update A Part 2 of 2 --------
Siemens is preparing further updates and recommends the following mitigations until patches are available:
Siemens recommends users configure the operational environment according to Siemens’ Operational Guidelines for Industrial Security:
For more information on the vulnerability and more detailed mitigation instructions, please see Siemens Security Advisory SSA-346262 at the following location:
NCCIC/ICS-CERT recommends that users take defensive measures to minimize the risk of exploitation of this vulnerability. ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
ICS-CERT also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Additional mitigation guidance and recommended practices are publicly available in the ICS-CERT Technical Information Paper ICS-TIP-12-146-01B, Targeted Cyber Intrusion Detection and Mitigation Strategies, which is available for download from the ICS-CERT web site.
Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents.
No known public exploits specifically target this vulnerability.
Specially crafted packets sent to Port 161/UDP could cause a denial-of-service condition. The affected devices must be restarted manually.
George Lashenko of CyberX reported the vulnerability to Siemens.
Critical Infrastructure Sectors: Commercial Facilities, Critical Manufacturing, Energy, Food and Agriculture, Water and Wastewater Systems
Countries/Areas Deployed: Worldwide
Company Headquarters Location: Germany