Siemens addresses multiple critical flaws in SINUMERIK Controllers
Siemens addressed several vulnerabilities in SINUMERIK controllers, including denial-of-service (DoS), privilege escalation and code execution issues.
Siemens has fixed several flaws in SINUMERIK controllers, some of them have been classified as “critical.” The list of vulnerabilities includes DoS,
privilege escalation and code execution flaws.
Security experts at Kaspersky Lab discovered that SINUMERIK 808D, 828D and 840D controllers are affected by multiple vulnerabilities.
“The latest updates for SINUMERIK controllers fix multiple security vulnerabilities that could allow an attacker to cause Denial-of-Service conditions, escalate privileges, or to execute code from remote.” reads the security advisory published by Siemens.
“Siemens has released updates for several affected products, is working on updates for the remaining affected products and recommends specific countermeasures until fixes are available. Siemens recommends to update affected devices as soon as possible.”
The most serious flaw, tracked as CVE-2018-11466 and ranked with
CVSS score of 10, could be exploited by an unauthenticated attacker on the network to trigger a DoS condition on the integrated software firewall or execute arbitrary code in the context of the firewall by sending specially crafted packets to TCP port 102.
“Specially crafted network packets sent to port 102/tcp (ISO-TSAP) could allow a remote attacker to either cause a Denial-of-Service condition of the integrated software firewall or allow to execute code in the context of the software firewall.” continues the advisory.
“The security vulnerability could be exploited by an attacker with network access to the affected systems on port 102/tcp. Successful exploitation requires no user privileges and no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system.”
Siemens also fixed the CVE-2018-11457 in the integrated web server, the flaw can be exploited by a network attacker with access to TCP port 4842 to execute code with elevated privileges by sending specially crafted packets.
“The security vulnerability could be exploited by an attacker with network access to the affected devices on port 4842/tcp. Successful exploitation requires no privileges and no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the webserver.” continues the advisory.
Another critical flaw tracked as CVE-2018-11462 could be exploited to elevate privileges, except to root.
The last critical vulnerability, tracked as CVE-2018-11458, affects the integrated VNC server, it could be exploited to execute arbitrary code with elevated privileges via specially crafted network packets on port 5900.
Siemens also fixed three high-severity flaws that allow local code execution, and three medium-severity privilege escalation and DoS bugs.
The good news is that Siemens is not aware of attacks exploiting the above flaws.
Source: https://securityaffairs.co/wordpress/78955/hacking/siemens-sinumerik-controllers-flaws.html