Date: 26 July 2012
Click here for printable version
Click here for PGP verifiable version
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT Security Bulletin
ASB-2012.0108
A vulnerability has been identified in Siemens SIMATIC STEP7
and SIMATIC PCS7
26 July 2012
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Siemens SIMATIC STEP7
Siemens SIMATIC PCS7
Operating System: Windows XP
Windows Server 2003
Windows 7
Impact/Access: Execute Arbitrary Code/Commands -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2012-3015
Member content until: Saturday, August 25 2012
OVERVIEW
A vulnerability has been identified in Siemens SIMATIC STEP7 prior to
version 5.5 SP1, and Siemens SIMATIC PCS7 prior to version 7.1 SP3.
IMPACT
The vendor has provided the following details regarding this
vulnerability which has been assigned CVE-2012-3015:
"STEP7 contains a DLL loading mechanism that can be circumvented by
attackers to execute arbitrary code. Siemens has released software
updates that fix this vulnerability." [1]
"SIMATIC STEP7 supports the loading of DLL files in STEP7 project
folders, which can be used within an attack against systems where
STEP7 is installed. An attacker can place arbitrary library files into
STEP7 project folders which will be loaded on STEP7 at start-up without
validation. The code will be executed with the permissions of the STEP7
application.
If a project folder is shared in the network with e.g. WebDAV or
CIFS/SMB, an attacker, who is able to write to this location, can put
a specially crafted library there. If the project file in this
directory is opened by STEP7, the application will load this
library." [1]
MITIGATION
The vendor recommends updating to the latest versions of SIMATIC
STEP7 and SIMATIC PCS7 to correct this issue. [1]
REFERENCES
[1] SSA-110665: STEP7 Vulnerability in DLL Loading Mechanism
http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-110665.pdf
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBUBDkR+4yVqjM2NGpAQKIlw//RWtkxjcmuvy9OmJceVm84qzwnrn8lrHo
QSRw/vtyfZNTemaQ6y01VjQSkdQgS5q25ZiycWeXNY4tY5EWGPLseHXzxAAChve+
jUNjdZ2AYAjdruwXaJ0j2K+XSmG5mD4yKPVWI15Ia2vZnk7trdPiw8//TmCEsHSU
YtmDRoy3R1o4tOPEv1CMt+yqJL2wWjfG786vmO0U52TFBPZX0wl9GP/wpKCd1Ajw
H/o5NFj71vBR2lOglH0XMF3GtBM6WURIHDgFtR7XadjuTZl6VJkm+XR0kvy1Q/xQ
x+dhUVrq6ei66rjRkQLO/iSDOGjmOGZCvSQjvSCsU1GPlm7KlhBWLK87POwximPm
n8JfP8mDeVbfCHUvJ3rOd7ObXybtfdmFYAnD2uT6UH+xdowp+5Qj2ex3krB5PFdz
AHaSv1qRtwIqaJ3DSzBiMABJEM5dCaDUyTi19g/PEkdkspUxn3ZOw86+4F5xz3do
J9tfB02cs1FrLUIP3pTTWfrt0v1Ot8Z/2tyZ36Um9ASXgnluzxdFWHMwPWE4J+40
LDyths6B3HzdaWMt3q3BVUaRNf+2qUlR5NjXT1Y+iz9iCBZVkm/zXyaCxUh6Kutz
KRjdFTLqr6sJONeAw53Mki9Dbk4E8reqVpJaHNtsyJ5UKh2R+GChLSH9rAihumU8
blPMlJlRvfQ=
=gSxh
-----END PGP SIGNATURE-----
|