Denial of service in Siemens Industrial Real-Time (IRT) Devices
Security Bulletin
This security bulletin contains one medium risk vulnerability.
1) Input validation error
EUVDB-ID: #VU21932
Risk: Medium
CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2019-10923
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can send a specially crafted packet, break the real-time synchronization of the affected installation and cause a denial-of-service condition on the target system.
Mitigation
- CP1604/CP1616: All versions prior to 2.8
- Development/Evaluation Kits for PROFINET IO:
- DK Standard Ethernet Controller: All versions prior to 4.1.1 Patch 05
- EK-ERTEC 200: All versions prior to 4.5.0 Patch 01
- EK-ERTEC 200P: All versions prior to 4.5.0
- SCALANCE X-200IRT: All versions prior to 5.2.1
- SIMATIC ET 200M: All versions
- SIMATIC ET 200S: All versions
- SIMATIC ET 200ecoPN (except 6ES7148-6JD00-0AB0 and 6ES7146-6FF00-0AB0): All versions
- SIMATIC ET 200pro: All versions
- SIMATIC PN/PN Coupler 6ES7158-3AD01-0XA0: All versions
- SIMATIC S7-300 CPU family (incl. F): All versions
- SIMATIC S7-400 (incl. F) v6 and below: All versions
- SIMATIC S7-400 PN/DP v7 (incl. F): All versions
- SIMATIC WinAC RTX (F) 2010: All versions prior to SP3
- SIMOTION: All versions
- SINAMICS DCM: All versions prior to 1.5 HF1
- SINAMICS DCP: All versions
- SINAMICS G110M v4.7 (Control Unit): All versions prior to 4.7 SP10 HF5
- SINAMICS G120 v4.7 (Control Unit): All versions prior to 4.7 SP10 HF5
- SINAMICS G130 v4.7 (Control Unit): All versions prior to 4.7 HF29
- SINAMICS G150 (Control Unit): All versions prior to 4.8
- SINAMICS GH150 v4.7 (Control Unit): All versions
- SINAMICS GL150 v4.7 (Control Unit): All versions
- SINAMICS GM150 v4.7 (Control Unit): All versions
- SINAMICS S110 (Control Unit): All versions
- SINAMICS S120 v4.7 (Control Unit and CBE20): All versions prior to 4.7 HF34
- SINAMICS S150 (Control Unit): All versions prior to 4.8
- SINAMICS SL150 v4.7 (Control Unit): All versions
- SINAMICS SM120 v4.7 (Control Unit): All versions
- SINUMERIK 828D: All versions prior to 4.8 SP5
- SINUMERIK 840D sl: All versions
SINUMERIK 840D sl: All versions
SINUMERIK 828D: before 4.8 SP5
SINAMICS SM120: All versions
SINAMICS SL150: All versions
SINAMICS S150: before 4.8
SINAMICS S120: before 4.7 HF34
SINAMICS S110: All versions
SINAMICS GM150: All versions
SINAMICS GL150: All versions
SINAMICS GH150: All versions
SINAMICS G150: before 4.8
SINAMICS G130: before 4.7 HF29
SINAMICS G120: before 4.7 SP10 HF5
SINAMICS G110M: before 4.7 SP10 HF5
SINAMICS DCP: All versions
SINAMICS DCM: before 1.5 HF1
SIMOTION Firmware: All versions
SIMATIC WinAC RTX (F) 2010: All versions
SIMATIC S7-400 PN/DP V7: All versions
SIMATIC S7-400: All versions
SIMATIC S7-300: All versions
SIMATIC PN/PN Coupler: All versions
SIMATIC ET 200pro: All versions
SIMATIC ET 200ecoPN: All versions
SIMATIC ET 200S: All versions
SIMATIC ET 200M: All versions
SCALANCE X-200 IRT: before 5.2.1
CP1616: 1.0 - 2.7.2
CP1604: 1.0 - 2.7.2
External linkshttp://cert-portal.siemens.com/productcert/pdf/ssa-349422.pdf
http://www.us-cert.gov/ics/advisories/icsa-19-283-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
