Channel: Tenable Blog

Critical Vulnerability in Siemens Spectrum Power (CVE-2019-6579) Patched in Monthly Advisory


<p>Siemens Security Advisory Day (SAD) for April 2019 addresses a variety of vulnerabilities, including a critical vulnerability in Siemens Spectrum Power.</p>
<h3>Background</h3>
<p>On April 9, Siemens published its monthly Siemens Advisory Day release across a variety of Siemens products. This includes 11 CVEs newly addressed in Siemens products along with updates to previous advisories, including additional CVEs and product updates and mitigations. The most critical of these vulnerabilities could give an unauthenticated attacker administrative privileges.</p>
<h3>Analysis</h3>
<p>Siemens Spectrum Power 4.7 customers that utilize project enhancement (PE) Web Office Portal (WOP) are vulnerable to <a href="https://cert-portal.siemens.com/productcert/txt/ssa-324467.txt" target="_blank" rel="noopener noreferrer" title="CVE-2019-6579">CVE-2019-6579</a>, a critical vulnerability that an unauthenticated attacker with network access could exploit to obtain administrative privileges. This vulnerability has the highest CVSSv3 score possible of 10.0, as it requires no user interaction, and can be exploited as long as WOP is used and the attacker has access to the web server via TCP port 80 or port 443.</p>
<p>Other newly addressed CVEs in Siemens products include denial of service vulnerabilities within the web server (<a href="https://cert-portal.siemens.com/productcert/txt/ssa-480230.txt" target="_blank" rel="noopener noreferrer" title="CVE-2019-6568">CVE-2019-6568</a>) and the <a href="https://new.siemens.com/global/en/products/automation/industrial-communi..." target="_blank" rel="noopener noreferrer" title="OPC UA">OPC UA</a>&nbsp;server (<a href="https://cert-portal.siemens.com/productcert/txt/ssa-307392.txt" target="_blank" rel="noopener noreferrer" title="CVE-2019-6575">CVE-2019-6575</a>) of Siemens products. Both of these CVEs have a CVSSv3 score of 7.5.</p>
<p>There were also multiple vulnerabilities patched in components and libraries used by Siemens products, including curl and libcurl in <a href="https://cert-portal.siemens.com/productcert/txt/ssa-436177.txt" target="_blank" rel="noopener noreferrer" title="SINEMA Remote Connect">SINEMA Remote Connect</a>&nbsp;(CVE-2018-1461, CVE-2018-16890, CVE-2019-3822) and the Quagga BGP daemon in <a href="https://cert-portal.siemens.com/productcert/txt/ssa-451142.txt" target="_blank" rel="noopener noreferrer" title="RUGGEDCOM ROX II">RUGGEDCOM ROX II</a>&nbsp;(CVE-2018-5379, CVE-2018-5380, CVE-2018-5381). <a href="https://nvd.nist.gov/vuln/detail/CVE-2018-5379" target="_blank" rel="noopener noreferrer" title="CVE-2018-5379">CVE-2018-5379</a>&nbsp;is a critical double-free vulnerability with a CVSSv3 score of 9.8 that could be exploited via a spoofed BGP UPDATE message delivered on the network, resulting in denial of service (DoS) or arbitrary code execution. CVE-2019-6570 appears to be a vulnerability in Siemens SINEMA Remote Connect itself, not in a component or library.</p>
<p><a href="https://cert-portal.siemens.com/productcert/txt/ssa-141614.txt" target="_blank" rel="noopener noreferrer" title="CVE-2017-12741">CVE-2017-12741</a> is a denial of service vulnerability in the Siemens SIMOCODE pro V EIP that could be exploited by a remote attacker sending specially crafted packets to UDP port 161. While this advisory is the first release (1.0) from Siemens about this CVE for this product, the CVE itself is associated with a variety of <a href="https://nvd.nist.gov/vuln/detail/CVE-2017-12741#vulnConfigurationsArea" target="_blank" rel="noopener noreferrer" title="Siemens product configurations">Siemens product configurations</a>&nbsp;already.</p>
<p>The remaining CVEs addressed in this month’s SAD are updates to previous advisories published by Siemens. For instance, <a href="https://cert-portal.siemens.com/productcert/txt/ssa-901333.txt" target="_blank" rel="noopener noreferrer" title="SSA-901333">SSA-901333</a>&nbsp;contains an update for the <a href="https://www.tenable.com/blog/responding-to-krack-what-you-need-to-know" target="_blank" rel="noopener noreferrer" title="KRACK (Key Reinstallation Attack)">KRACK (Key Reinstallation Attack)</a>&nbsp;vulnerabilities for the SINAMICS V20 Smart Access Module while <a href="https://cert-portal.siemens.com/productcert/txt/ssa-268644.txt" target="_blank" rel="noopener noreferrer" title="SSA-268644">SSA-268644</a>&nbsp;adds updates to solutions for <a href="https://www.tenable.com/blog/spectre-and-meltdown-still-haunting-intelamd" target="_blank" rel="noopener noreferrer" title="variants 3a and 4 of Spectre-NG">variants 3a and 4 of Spectre-NG</a>&nbsp;for the SIMATIC HMI Panels V14.</p>
<h3>Solution</h3>
<p>Spectrum Power 4.7 users can obtain the Web Office Portal fix, Bugfix bf-47456_PE_WOP_fix, by contacting Siemens Energy Customer Support at <a href="mailto:support.energy@siemens.com" target="_blank" rel="noopener noreferrer" title="support.energy@siemens.com">support.energy@siemens.com</a>.</p>
<p>Siemens SINEMA Remote Connect Client <a href="https://support.industry.siemens.com/cs/de/en/view/109764829" target="_blank" rel="noopener noreferrer" title="V2.0 HF1">V2.0 HF1</a>, Server <a href="https://support.industry.siemens.com/cs/de/en/view/109764829" target="_blank" rel="noopener noreferrer" title="V2.0">V2.0</a>&nbsp;and SIMOCODE pro V EIP <a href="https://support.industry.siemens.com/cs/ww/en/view/109756912" target="_blank" rel="noopener noreferrer" title="V1.0.2">V1.0.2</a>&nbsp;are also available for download, while RUGGEDCOM ROX II V2.13.0 can be obtained by contacting the <a href="https://support.industry.siemens.com/my/WW/en/requests#createRequest" target="_blank" rel="noopener noreferrer" title="RUGGEDCOM support team">RUGGEDCOM support team</a>.</p>
<p>For the denial of service vulnerabilities in Siemens industrial product <a href="https://cert-portal.siemens.com/productcert/txt/ssa-480230.txt" target="_blank" rel="noopener noreferrer" title="web servers">web servers</a>&nbsp;and <a href="https://cert-portal.siemens.com/productcert/txt/ssa-307392.txt" target="_blank" rel="noopener noreferrer" title="OPC UA servers">OPC UA servers</a>, please refer to the respective Siemens Security Advisory documents for associated product updates and/or mitigation steps.</p>
<p>For solutions and updates on older advisories, including additional CVEs and availability of patches or mitigations, please refer to the table below:</p>
<div>
<table>
<tbody>
<tr>
<td>
<p><span style="font-weight: 400;"><b>Siemens Security Advisory ID</b></span></p>
</td>
<td>
<p><span style="font-weight: 400;"><b>Document Title</b></span></p>
</td>
<td>
<p><span style="font-weight: 400;"><b>Document</b></span></p>
</td>
</tr>
<tr>
<td>
<p><span style="font-weight: 400;">SSA-179516</span></p>
</td>
<td>
<p><span style="font-weight: 400;">OpenSSL Vulnerability in Industrial Products</span></p>
</td>
<td>
<p><span style="font-weight: 400;"><a href="https://cert-portal.siemens.com/productcert/txt/ssa-179516.txt" target="_blank" rel="noopener noreferrer">TXT</a></span></p>
</td>
</tr>
<tr>
<td>
<p><span style="font-weight: 400;">SSA-268644</span></p>
</td>
<td>
<p><span style="font-weight: 400;">Spectre-NG (Variants 3a and 4) Vulnerabilities in Industrial Products</span></p>
</td>
<td>
<p><span style="font-weight: 400;"><a href="https://cert-portal.siemens.com/productcert/txt/ssa-268644.txt" target="_blank" rel="noopener noreferrer">TXT</a></span></p>
</td>
</tr>
<tr>
<td>
<p><span style="font-weight: 400;">SSA-844562</span></p>
</td>
<td>
<p><span style="font-weight: 400;">Multiple Vulnerabilities in Licensing Software for WinCC OA</span></p>
</td>
<td>
<p><span style="font-weight: 400;"><a href="https://cert-portal.siemens.com/productcert/txt/ssa-844562.txt" target="_blank" rel="noopener noreferrer">TXT</a></span></p>
</td>
</tr>
<tr>
<td>
<p><span style="font-weight: 400;">SSA-901333</span></p>
</td>
<td>
<p><span style="font-weight: 400;">KRACK Attacks Vulnerabilities in Industrial Products</span></p>
</td>
<td>
<p><span style="font-weight: 400;"><a href="https://cert-portal.siemens.com/productcert/txt/ssa-901333.txt" target="_blank" rel="noopener noreferrer">TXT</a></span></p>
</td>
</tr>
<tr>
<td>
<p><span style="font-weight: 400;">SSB-439005</span></p>
</td>
<td>
<p><span style="font-weight: 400;">Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP</span></p>
</td>
<td>
<p><span style="font-weight: 400;"><a href="https://cert-portal.siemens.com/productcert/txt/ssb-439005.txt" target="_blank" rel="noopener noreferrer">TXT</a></span></p>
</td>
</tr>
</tbody>
</table>
</div>


<h3>Identifying affected systems</h3>

<p>A list of Nessus plugins to identify these vulnerabilities will appear <a href="https://www.tenable.com/plugins/search?q=%22SSA-141614%22%2C%20%22SSA-30..." target="_blank" rel="noopener noreferrer" title="Nessus Plugins for Siemens CVEs">here</a>&nbsp;as they’re released.</p>
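<p>As a complement to plugin-based scanning, the sketch below checks firewall flow records for permitted traffic that satisfies the network preconditions this post gives for CVE-2019-6579 (TCP port 80 or 443 to the WOP web server) and CVE-2017-12741 (UDP port 161 to SIMOCODE pro V EIP). It is an added example, not Tenable or Siemens code; the inventory, trusted subnets, addresses and flow-record format are constructed assumptions.</p>

```python
import ipaddress
# Network preconditions stated in the post: CVE -> (product, reachable services).
EXPOSURE = {
    "CVE-2019-6579": ("Spectrum Power 4.7 PE WOP", {("tcp", 80), ("tcp", 443)}),
    "CVE-2017-12741": ("SIMOCODE pro V EIP", {("udp", 161)}),
}
# Constructed inventory (hypothetical addresses): asset IP -> product.
ASSETS = {
    "10.20.0.5": "Spectrum Power 4.7 PE WOP",
    "10.30.1.17": "SIMOCODE pro V EIP",
}
# Constructed allow-list of subnets expected to reach these services.
TRUSTED = [ipaddress.ip_network(n) for n in ("10.20.0.0/24", "10.99.0.0/28")]
# Constructed flow records: "src dst proto dport action".
FLOWS = """\
10.20.0.44 10.20.0.5 tcp 443 ACCEPT
192.0.2.77 10.20.0.5 tcp 80 ACCEPT
192.0.2.77 10.20.0.5 tcp 443 DENY
10.50.3.9 10.30.1.17 udp 161 ACCEPT
10.99.0.3 10.30.1.17 udp 161 ACCEPT
10.50.3.9 10.20.0.5 tcp 22 ACCEPT
malformed line
"""

def is_trusted(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED)

def find_exposures(flow_text):
    """Return (cve, src, dst, proto, port) for permitted, untrusted-source flows
    to a service the post names as the attack path for that product."""
    findings = []
    for line in flow_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[3].isdigit():
            continue  # skip records that do not parse
        src, dst, proto, dport, action = parts
        try:
            if action != "ACCEPT" or is_trusted(src):
                continue  # blocked, or from an expected management subnet
        except ValueError:
            continue  # source is not a valid IP address
        for cve, (product, services) in EXPOSURE.items():
            if ASSETS.get(dst) == product and (proto, int(dport)) in services:
                findings.append((cve, src, dst, proto, int(dport)))
    return findings

if __name__ == "__main__":
    print(*find_exposures(FLOWS), sep="\n")
```

<p>Each finding is a path that should be closed or restricted at the firewall until the corresponding fix is installed.</p>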

<h3>Get more information</h3>
<ul>
<li><a href="https://cert-portal.siemens.com/productcert/txt/ssa-324467.txt" target="_blank" rel="noopener noreferrer" title="Siemens Security Advisory for Spectrum Power 4.7">Siemens Security Advisory for Spectrum Power 4.7</a></li>
<li><a href="https://cert-portal.siemens.com/productcert/txt/ssa-307392.txt" target="_blank" rel="noopener noreferrer" title="Siemens Security Advisory for Denial-of-Service in OPC UA in Industrial Products">Siemens Security Advisory for Denial-of-Service in OPC UA in Industrial Products</a></li>
<li><a href="https://cert-portal.siemens.com/productcert/txt/ssa-141614.txt" target="_blank" rel="noopener noreferrer" title="Siemens Security Advisory for Denial-of-Service in SIMOCODE pro V EIP">Siemens Security Advisory for Denial-of-Service in SIMOCODE pro V EIP</a></li>
<li><a href="https://cert-portal.siemens.com/productcert/txt/ssa-480230.txt" target="_blank" rel="noopener noreferrer" title="Siemens Security Advisory for Denial-of-Service in Web Server of Industrial Products">Siemens Security Advisory for Denial-of-Service in Web Server of Industrial Products</a></li>
<li><a href="https://cert-portal.siemens.com/productcert/txt/ssa-436177.txt" target="_blank" rel="noopener noreferrer" title="Siemens Security Advisory for Multiple Vulnerabilities in SINEMA Remote Connect">Siemens Security Advisory for Multiple Vulnerabilities in SINEMA Remote Connect</a></li>
<li><a href="https://cert-portal.siemens.com/productcert/txt/ssa-451142.txt" target="_blank" rel="noopener noreferrer" title="Siemens Security Advisory for Multiple Vulnerabilities in RUGGEDCOM ROX II">Siemens Security Advisory for Multiple Vulnerabilities in RUGGEDCOM ROX II</a></li>
</ul>
<p><b><i>Join <a href="https://community.tenable.com/s/group/0F9f2000000fyxyCAA/cyber-exposure-...">Security Response Team</a> on the Tenable Community.</i></b></p>
<p><b><i>Learn more about <a href="https://www.tenable.com/products">Tenable</a>, the first Cyber Exposure platform for holistic management of your modern attack surface.</i></b></p>
<p>Get a <a href="https://www.tenable.com/products/tenable-io/vulnerability-management/eva...">60-day trial</a> of Tenable.io Vulnerability Management.</p>

