AusCERT - ASB-2013.0001 - [Appliance] Siemens SIMATIC S7-1200 PLC: Denial of service

HOME
About AusCERT
Membership
PKI Services
Training
Publications
Sec. Bulletins
Conferences
News & Media
Services
Web Log
Site Map
Site Help
Member login
ASB-2013.0001 - [Appliance] Siemens SIMATIC S7-1200 PLC: Denial of service - Remote/unauthenticated
Date: 02 January 2013

Click here for printable version
Click here for PGP verifiable version
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2013.0001
         Denial-of-Service Vulnerabilities in SIMATIC S7-1200 PLCs
                              2 January 2013

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Siemens SIMATIC S7-1200 PLC
Operating System:     Network Appliance
Impact/Access:        Denial of Service -- Remote/Unauthenticated
Resolution:           Mitigation
Member content until: Friday, February  1 2013

OVERVIEW

        A denial of service vulnerability has been identified in the Siemens
        S7-1200 PLCs. [1]


IMPACT

        The vendor has provided the following information regarding this 
        vulnerability:
        
        "Siemens SIMATIC S7-1200 PLCs, version 2 and higher, allow device 
        management over TCP port 102 (ISO-TSAP) and retrieving status 
        information over UDP port 161 (SNMP). It is possible to cause the 
        device to go into defect mode by sending specially crafted packets to 
        these ports.
        
	Siemens is preparing a solution for these issues that will be 
        available in the next scheduled product update. Customers will be 
        advised when this release is available." [1]


MITIGATION

        The vendor has provided the following mitigation to reduce the risk of 
        this vulnerability:
        
        "Siemens is preparing a solution for these issues that will be 
        available in the next scheduled product update. Customers will be 
        advised and this advisory will be updated when the new release is 
        available.
        
	The affected software components are implemented under the assumption 
        of running in a protected network environment. Siemens strongly 
        recommends to protect systems according to recommended security 
        practices in [2] and to configure the environment according to 
        operational guidelines [3]." [1]


REFERENCES

        [1] SSA-724606:	Denial-of-Service Vulnerabilities in SIMATIC S7-1200
            PLCs
            http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-724606.pdf

        [2] Recommended security practices by US-CERT
            http://www.us-cert.gov/control_systems/practices/Recommended_Practices.html

        [3] An overview of the operational guidelines for Industrial Security
            (with the cell protection concept)
            http://www.industry.siemens.com/topics/global/en/industrial-security/Documents/operational_guidelines_industrial_security_en.pdf

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBUOPT+u4yVqjM2NGpAQIH9hAAmOrZPzI03JUgQy12VTZNBbZsocPffHde
jag3moj5N42spz1Eig3Kr6CHAiCDnvXFjujCAA3IE0Ab8joA1bzOgVvsHczyuYvE
Zh1KoeEKRPyG2vqQKD2czxgqEw9Fb8qBYk1PXkzTaTmleAMYwCxzQqi1FfVXu0G1
OMc9QCmjFBIUzdCZykFzCSMz1QUq7MfwR+sSsVPW6+XOpuJ5xulTxJB1Qjh1CbY/
j7BL8fIpu1N6l7qT5teFlyE4Pg5XIxN5v+cBBR4wwN106M0+VyTjdDoDV0Sn//CH
fj/hZczCAUXslNbPQMymzHWw88OYP1sLIeNmwMslbUjh05sEdGNdo35vUjAUlSy4
TgkfDnK0oN7q5CavD86L/3SfEjfBH0sy8I9aasCT5kPGTCXVF7mGQ03Nq7P0a+n8
hCEohKf4XDu59ejpKLKb4Dlq05y3YsuwCU9V24xHChhtsPpJhETBBFE0oI7fMY8j
iL4j0u3uUCeSgylYDLLyYy0zjt/M52TR58/tMM4J/pOvVCe5P7M9fh6LCvXJyGn6
IkUuBEEkK6S3jtAxgZtDIW0ISSnQONA3+cv2VJILRJpc90o0ZKbHLzMSwJHgz6JD
mHf61Rz9NykxVg/RcDYHs3iEIecQ8rzijlBiszy9Ge3B93h72P2Vn9hlu1Cr25Q5
LxQtK88QSGQ=
=63kB
-----END PGP SIGNATURE-----