#VU9545 Improper input validation in Siemens Hardware solutions


Published: 2017-12-05 | Updated: 2017-12-06

Vulnerability identifier: #VU9545

Vulnerability risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-12741

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: No

Vulnerable software (category: Hardware solutions / Firmware):
SINAMICS S150
SINAMICS G120
SIMOTION Firmware
SIMATIC S7-1500 CPU
SIMATIC S7-1200
SIMATIC S7-410
SIMATIC S7-400
SIMATIC S7-300
SIMATIC S7-200 Smart
SIMOCODE pro V PROFINET
SIMATIC PN/PN Coupler
SIMATIC Compact Field Unit
SINUMERIK 840D
SINAMICS V90
SINAMICS S120
SINAMICS S110
SINAMICS G130
SINAMICS DCP
SINAMICS DCM
SIMATIC WinAC RTX 2010
SIMATIC ET 200SP
SIMATIC ET 200S
SIMATIC ET 200pro
SIMATIC ET 200MP
SIMATIC ET 200M
SIMATIC ET 200ecoPN
SIMATIC ET 200AL
Development/Evaluation Kits for PROFINET IO

Vendor: Siemens

Description

The vulnerability allows a remote attacker to cause a denial of service (DoS) condition on the target system.

The vulnerability exists due to an error when processing malicious packets. A remote attacker can send specially crafted packets via UDP port 161 and cause the device to crash or become unresponsive.

Successful exploitation of the vulnerability results in denial of service.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

SINAMICS S150: 4.7 - 4.8

SINAMICS G120: 4.7

SIMOTION Firmware: 5.1

SIMATIC S7-1500 CPU: 1.0 - 1.8

SIMATIC S7-1200: 2.00 - 4.1.2

SIMATIC S7-410: V8

SIMATIC S7-400: H V6 - PN V6

SIMATIC S7-300: 2.0.0 - 3.3.0

SIMATIC S7-200 Smart: 2.03

SIMOCODE pro V PROFINET: All versions

SIMATIC PN/PN Coupler: All versions

SIMATIC Compact Field Unit: All versions

SINUMERIK 840D: All versions

SINAMICS V90: All versions

SINAMICS S120: All versions

SINAMICS S110: All versions

SINAMICS G130: All versions

SINAMICS DCP: All versions

SINAMICS DCM: All versions

SIMATIC WinAC RTX 2010: All versions

SIMATIC ET 200SP: All versions

SIMATIC ET 200S: All versions

SIMATIC ET 200pro: All versions

SIMATIC ET 200MP: All versions

SIMATIC ET 200M: All versions

SIMATIC ET 200ecoPN: All versions

SIMATIC ET 200AL: All versions

Development/Evaluation Kits for PROFINET IO: All versions


External links
http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-346262.pdf


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

