Siemens Patches DoS Flaws in Medium Voltage Converters

Siemens Patches DoS Flaws in Medium Voltage Converters
9.5.2018 securityweek ICS

Siemens has released updates for many of its SINAMICS medium voltage converters to address two remotely exploitable denial-of-service (DoS) vulnerabilities.

According to advisories published by ICS-CERT and Siemens, the flaws impact SINAMICS GH150, GL150, GM150, SL150, SM120 and SM150 converters, which are used worldwide in the energy, chemical, critical manufacturing, water and wastewater, and food and agriculture sectors.Siemens patches two DoS vulnerabilities in SINAMICS medium voltage converters

The more serious of the flaws, identified as CVE-2017-12741 and classified “high severity,” can be exploited to cause a DoS condition by sending specially crafted packets to the device on UDP port 161.

The second weakness, tracked as CVE-2017-2680 and rated “medium,” can be exploited by sending specially crafted PROFINET DCP broadcast packets to the targeted device. This issue is less serious due to the fact that exploitation requires direct Layer 2 access to the impacted product. Siemens noted that PROFIBUS interfaces are not affected.

In both cases, manual intervention is required to restore the device after it has entered a DoS condition.

Siemens patches two DoS vulnerabilities in SINAMICS medium voltage converters

The vulnerabilities can be patched by updating the firmware to versions 4.7 SP5 HF7, 4.7 HF30 or 4.8 SP2. Siemens says attacks involving CVE-2017-12741 can also be mitigated by blocking network access to port 161.

While in general DoS vulnerabilities may not pose a major risk, these types of weaknesses can have a significant impact in industrial environments, where availability is often crucial.