Siemens security update

Target Industry

Industry sectors and critical infrastructure such as the manufacturing, transportation and energy sectors.

Overview

Siemens has released seventeen new security advisories, five of which have been classified with a critical-severity level:

  • SSA-968170 (CVSSv3 score: 10.0) – Remote Code Execution Vulnerability in SIMATIC STEP 7 V5.x and Derived Products
  • SSA-794697 (CVSSv3 score: 9.8) – Vulnerabilities in the Linux Kernel of the SIMATIC S7-1500 TM MFP V1.0
  • SSA-561322 (CVSSv3 score: 9.8) – Multiple Vulnerabilities in SIMATIC MV500 Devices before V3.3.
  • SSA-313488 (CVSSv3 score: 9.9) – Multiple Vulnerabilities in SIMATIC CN 4100 before V2.50
  • SSA-146325 (CVSSv3 score: 9.8) – Multiple Vulnerabilities in RUGGEDCOM ROX before V2.16

Impact

Successful exploitation of these vulnerabilities could lead to a total loss of confidentiality, availability, and integrity of data on the affected product versions.

Vulnerability Detection

Security patches for these vulnerabilities have been released by Siemens. Previous product versions therefore remain vulnerable to potential exploitation.

Affected Products

  • SSA-968170: SIMATIC STEP 7 V5.x and Derived Products
  • SSA-794697: SIMATIC S7-1500 TM MFP V1.0
  • SSA-561322: SIMATIC MV500 Devices before V3.3.
  • SSA-313488: SIMATIC CN 4100 before V2.50
  • SSA-146325: RUGGEDCOM ROX before V2.16

Containment, Mitigations & Remediations

It is strongly recommended that users of the affected product versions apply the relevant security patches, which can be found within the Siemens Security Advisory.

Indicators of Compromise

No specific Indicators of Compromise (IoCs) are currently available.

Threat Landscape

Siemens holds a significant share of the build-automation market. Given that threat actors generally weigh probability of success against asset value when deciding which attack surfaces to focus on, Siemens products have become a prime target. Because these products have become integral to business operations, threat actors will continue to exploit vulnerabilities in these systems in an attempt to extract the sensitive information they contain.

Threat Group

No attribution to specific threat actors or groups has been identified at the time of writing.

MITRE Methodologies

Tactics:

TA0002 – Execution

[Figure: Intelligence Terminology Yardstick showing the likelihood of events]