Information disclosure in Siemens industrial products



Published: 2017-09-01
Risk Low
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2017-12069
CWE-ID CWE-611
Exploitation vector Network
Public exploit Public exploit code for vulnerability #1 is available.
Vulnerable software
Subscribe
SIMATIC NET PC Software
Server applications / SCADA systems

SIMATIC PCS 7
Server applications / SCADA systems

Siemens SIMATIC WinCC
Server applications / SCADA systems

SIMATIC WinCC Runtime Professional
Server applications / SCADA systems

SIMATIC IT Production Suite
Server applications / SCADA systems

Vendor Siemens

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) XXE attack

EUVDB-ID: #VU8071

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2017-12069

CWE-ID: CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')

Exploit availability: No

Description

The vulnerability allows a remote attacker to conduct XXE attack on the target system.

The weakness exists in the encryption library due to improper handling of XML External Entity (XXE) entries when parsing an XML file. A remote attacker can send specially crafted packets to the OPC Discovery Server at Port 4840/TCP and cause the system to access various resources chosen by the attacker.

Successful exploitation of the vulnerability may result in information disclosure.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SIMATIC NET PC Software: All versions

SIMATIC PCS 7: 7.1 - 8.1

Siemens SIMATIC WinCC: 7.0 - 7.4

SIMATIC WinCC Runtime Professional: 13.0 - 14.0

SIMATIC IT Production Suite: All versions


CPE2.3 External links

http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-535640.pdf

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?



###SIDEBAR###