CVSS3: 7.8 High
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS2: 9 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

EPSS: 0.012 Low
Percentile: 85.0%

This updated advisory is a follow-up to the original advisory titled ICSA-18-060-01 Siemens SIMATIC, SIMOTION, and SINUMERIK that was published March 01, 2018, on the NCCIC/ICS-CERT website.
Successful exploitation of these vulnerabilities could result in execution of arbitrary code, extended privileges, and unauthenticated access to sensitive data.
Siemens reports that the vulnerabilities affect the following Industrial PCs and BIOS versions:
Multiple buffer overflows could allow attackers to execute arbitrary code. Local access to the system is required to exploit this vulnerability.
CVE-2017-5705, CVE-2017-5706, and CVE-2017-5707 have been assigned to these vulnerabilities. A CVSS v3 base score of 8.2 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).
A buffer overflow could allow remote authenticated attackers to execute arbitrary code with extended privileges.
CVE-2017-5712 has been assigned to this vulnerability. A CVSS v3 base score of 7.2 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
Multiple privilege escalations could allow unauthenticated access to sensitive data.
CVE-2017-5708, CVE-2017-5709, and CVE-2017-5710 have been assigned to these vulnerabilities. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N).
Siemens ProductCERT reported the vulnerabilities to NCCIC.
Siemens has provided the following updates for mitigations:
As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. In order to run the devices in a protected IT environment, Siemens particularly recommends users configure the environment according to Siemens' Operational Guidelines for Industrial Security, and follow the recommendations in the product manuals. The Operational Guidelines for Industrial Security can be found at:
<https://www.siemens.com/cert/operational-guidelines-industrial-security>
Additional information on Industrial Security by Siemens can be found at:
Siemens has identified the following specific workarounds and mitigations users can apply to reduce the risk:
For more information on these vulnerabilities and associated software updates, please see Siemens security notification SSA-892715 on their website:
<https://cert-portal.siemens.com/productcert/pdf/ssa-892715.pdf>
NCCIC recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:
NCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
NCCIC also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Additional mitigation guidance and recommended practices are publicly available in the NCCIC Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies, that is available for download from the ICS-CERT website.
Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.
In addition, NCCIC recommends that users take the following measures to protect themselves from social engineering attacks:
No known public exploits specifically target these vulnerabilities.