Detections
Analytics
Siemens Industrial Products Improper Input Validation (CVE-2017-12741)
high Tenable OT Security Plugin ID 500271
Synopsis
The remote OT asset is affected by a vulnerability.Description
A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P, SIMATIC Compact Field Unit, SIMATIC ET200AL, SIMATIC ET200M (incl. SIPLUS variants), SIMATIC ET200MP IM155-5 PN BA (incl. SIPLUS variants), SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants), SIMATIC ET200MP IM155-5 PN ST (incl.SIPLUS variants), SIMATIC ET200S (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN BA (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN HA (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN HS (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN ST (incl. SIPLUS variants), SIMATIC ET200ecoPN, 16DI, DC24V, 8xM12 (6ES7141-6BH00-0AB0), SIMATIC ET200ecoPN, 16DO DC24V/1,3A, 8xM12 (6ES7142-6BH00-0AB0), SIMATIC ET200ecoPN, 4AO U/I 4xM12 (6ES7145-6HD00-0AB0), SIMATIC ET200ecoPN, 8 DIO, DC24V/1,3A, 8xM12 (6ES7147-6BG00-0AB0), SIMATIC ET200ecoPN, 8 DO, DC24V/2A, 8xM12 (6ES7142-6BR00-0AB0), SIMATIC ET200ecoPN, 8AI RTD/TC 8xM12 (6ES7144-6KD50-0AB0), SIMATIC ET200ecoPN, 8AI; 4 U/I; 4 RTD/TC 8xM12 (6ES7144-6KD00-0AB0), SIMATIC ET200ecoPN, 8DI, DC24V, 4xM12 (6ES7141-6BF00-0AB0), SIMATIC ET200ecoPN, 8DI, DC24V, 8xM12 (6ES7141-6BG00-0AB0), SIMATIC ET200ecoPN, 8DO, DC24V/0,5A, 4xM12 (6ES7142-6BF50-0AB0), SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 4xM12 (6ES7142-6BF00-0AB0), SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 8xM12 (6ES7142-6BG00-0AB0), SIMATIC ET200ecoPN: IO-Link Master (6ES7148-6JA00-0AB0), SIMATIC ET200pro, SIMATIC PN/PN Coupler (incl. SIPLUS NET variants), SIMATIC S7-1200 CPU family (incl. SIPLUS variants), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), SIMATIC S7-1500 Software Controller, SIMATIC S7-200 SMART, SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants), SIMATIC S7-400 H V6 CPU family and below (incl. SIPLUS variants), SIMATIC S7-400 PN/DP V6 CPU family and below (incl. SIPLUS variants), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants), SIMATIC TDC CP51M1, SIMATIC TDC CPU555, SIMATIC WinAC RTX (F) 2010, SIMOCODE pro V EIP (incl. SIPLUS variants), SIMOCODE pro V PN (incl. SIPLUS variants), SIMOTION C, SIMOTION D (incl. SIPLUS variants), SIMOTION D4xx V4.4 for SINAMICS SM150i-2 w. PROFINET (incl.
SIPLUS variants), SIMOTION P V4.4 and V4.5, SIMOTION P V5, SINAMICS DCM w. PN, SINAMICS DCP w. PN, SINAMICS G110M w. PN, SINAMICS G120(C/P/D) w. PN (incl. SIPLUS variants), SINAMICS G130 V4.7 w. PN, SINAMICS G130 V4.8 w. PN, SINAMICS G150 V4.7 w. PN, SINAMICS G150 V4.8 w. PN, SINAMICS GH150 V4.7 w. PROFINET, SINAMICS GL150 V4.7 w. PROFINET, SINAMICS GM150 V4.7 w. PROFINET, SINAMICS S110 w. PN, SINAMICS S120 V4.7 SP1 w. PN (incl. SIPLUS variants), SINAMICS S120 V4.7 w. PN (incl. SIPLUS variants), SINAMICS S120 V4.8 w. PN (incl. SIPLUS variants), SINAMICS S120 prior to V4.7 w. PN (incl.
SIPLUS variants), SINAMICS S150 V4.7 w. PN, SINAMICS S150 V4.8 w. PN, SINAMICS SL150 V4.7.0 w. PROFINET, SINAMICS SL150 V4.7.4 w. PROFINET, SINAMICS SL150 V4.7.5 w. PROFINET, SINAMICS SM120 V4.7 w. PROFINET, SINAMICS V90 w. PN, SINUMERIK 840D sl, SIRIUS Soft Starter 3RW44 PN. Specially crafted packets sent to port 161/udp could cause a Denial-of-Service condition. The affected devices must be restarted manually.
This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.
Solution
The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.Siemens has provided firmware updates for the following products to fix this vulnerability:
- Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller: Update to v4.1.1 Patch 05
- Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P: Update to v4.5
- Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200: Update to v4.5
- SIMATIC ET 200MP IM155-5 PN BA (incl. SIPLUS variants): Update to v4.0.2
- SIMATIC ET 200MP IM155-5 PN HF (incl. SIPLUS variants): Update to v4.2
- SIMATIC ET 200MP IM155-5 PN ST (incl. SIPLUS variants): Update to v4.1
- SIMATIC ET 200SP IM 155-6 PN HA (incl. SIPLUS variants): Update to v1.1.0
- SIMATIC ET 200SP IM 155-6 PN HF (incl. SIPLUS variants): Update to v4.2.0
- SIMATIC ET 200SP IM 155-6 PN HS (incl. SIPLUS variants): Update to v4.0.1
- SIMATIC PN/PN Coupler (incl. SIPLUS NET variants): Update to v4.2.0
- SIMATIC S7-200 Smart: Update to v2.03.01
- SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants): Update to v3.X.16
- SIMATIC S7-400 H v6 CPU family and below (incl. SIPLUS variants): Update v6.0.8
- SIMATIC S7-400 PN/DP v6 CPU family and below (incl. SIPLUS variants): Update to v6.0.6
- SIMATIC S7-400 PN/DP v7 CPU family (incl. SIPLUS variants): Update to v7.0.2
- SIMATIC S7-410 v8 CPU family (incl. SIPLUS variants): Update to v8.2.1
- SIMATIC S7-1200 CPU family (incl. SIPLUS variants): Update to v4.2.3
- SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants): Upgrade to v2.0 and newer
- SIMATIC S7-1500 Software Controller: Upgrade to v2.0 and newer
- SIMATIC TDC CP51M1: Update to v1.1.8
- SIMATIC TDC CPU555: Update to v1.1.1
- SIMATIC WinAC RTX (F) 2010: Update to SP3 and apply BIOS and Microsoft Windows updates
- SIMOCODE pro V PN (incl. SIPLUS variants): Update to v2.1.1
- SIMOTION C: Update to v5.1 HF1
- SIMOTION D (incl. SIPLUS variants): Update to v5.1 HF1
- SIMOTION P v4.4 and 4.5: Update to v4.5 HF5 (please contact a Siemens representative for information on how to obtain this update)
- SIMOTION P v5: Update to v5.1 HF1 (please contact a Siemens representative for information on how to obtain this update)
- SINAMICS DCM w. PN: Update to v1.4 SP1 HF6
- SINAMICS DCP w. PN: Update to v1.2 HF2
- SINAMICS G110M w. PN: Update to v4.7 SP9 HF1
- SINAMICS G120(C/P/D) w. PN (incl. SIPLUS variants): Update to v4.7 SP9 HF1
- SINAMICS G130 v4.7 w. PN: Update to v4.7 HF29
- SINAMICS G130 v4.8 w. PN: Update to v4.8 HF4
- SINAMICS G150 v4.7 w. PN: Update to v4.7 HF29
- SINAMICS G150 v4.8 w. PN: Update to v4.8 HF4
- SINAMICS S110 w. PN: Update to v4.4 SP3 HF6
- SINAMICS S120 v4.7 SP1 w. PN (incl. SIPLUS variants): Update to latest version of v5.1 SP1
- SINAMICS S120 v4.7 w. PN (incl. SIPLUS variants): Update to v4.7 HF29
- SINAMICS S120 v4.8 w. PN: Update to v4.8 HF5
- SINAMICS S120 prior to v4.7 w. PN (incl. SIPLUS variants): Update to latest version of v5.1 SP1
- SINAMICS S150 v4.7 w.PN: Update to v4.7 HF29
- SINAMICS S150 v4.8 w.PN: Update to v4.8 HF4
- SINAMICS v90: Update to v1.02
- SINUMERIK 840D sl: Update to 4.8 SP3 (obtain update from a Siemens service organization)
Siemens is preparing further updates and recommends the following mitigations until patches are available:
- Disable SNMP if this is supported by the product (refer to the product documentation). Disabling SNMP fully mitigates the vulnerability
- Protect network access to Port 161/UDP of affected devices
- Apply cell protection concept
- Use VPN for protecting network communication between cells
- Apply defense-in-depth
Siemens recommends users configure the operational environment according to the Siemens Operational Guidelines for Industrial Security.
For more information on the vulnerability and more detailed mitigation instructions, please see Siemens Security Advisory SSA-346262
See Also
https://cert-portal.siemens.com/productcert/pdf/ssa-346262.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-546832.pdf
https://www.cisa.gov/news-events/ics-advisories/icsa-17-339-01
https://www.securityfocus.com/bid/101964
https://cert-portal.siemens.com/productcert/pdf/ssa-141614.pdf
Plugin Details
Severity: High
ID: 500271
Version: 1.8
Type: remote
Family: Tenable.ot
Published: 2/7/2022
Updated: 3/4/2024
Supported Sensors: Tenable OT Security
Risk Information
VPR
Risk Factor: Low
Score: 3.6
CVSS v2
Risk Factor: High
Base Score: 7.8
Temporal Score: 5.8
Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C
CVSS Score Source: CVE-2017-12741
CVSS v3
Risk Factor: High
Base Score: 7.5
Temporal Score: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/o:siemens:simatic_et_200al_firmware:-, cpe:/o:siemens:simatic_et_200ecopn_firmware:-, cpe:/o:siemens:simatic_et_200m_firmware:-, cpe:/o:siemens:simatic_et_200mp_firmware:-, cpe:/o:siemens:simatic_et_200pro_firmware:-, cpe:/o:siemens:simatic_et_200s_firmware:-, cpe:/o:siemens:simatic_et_200sp_firmware:-, cpe:/o:siemens:simatic_s7-1200_firmware:-, cpe:/o:siemens:simatic_s7-1500_controller_firmware:2.0, cpe:/o:siemens:simatic_s7-1500_firmware, cpe:/o:siemens:simatic_s7-200_firmware, cpe:/o:siemens:simatic_s7-300_firmware:-, cpe:/o:siemens:simatic_s7-400h_v6_firmware:6.0.8, cpe:/o:siemens:simatic_s7-400pn%2fdp_v7_firmware:-, cpe:/o:siemens:simatic_s7-400pn_v6_firmware:6.0.6
Required KB Items: Tenable.ot/Siemens
Exploit Ease: No known exploits are available
Patch Publication Date: 12/26/2017
Vulnerability Publication Date: 12/26/2017
Reference Information
CVE: CVE-2017-12741
CWE: 400