Siemens has fixed security issues in its SINAMICS and SCALANCE products.
SINAMICS series products are frequency converters used in critical infrastructure enterprises, including in the chemical, electric power, transport and food industries, as well as in healthcare and social services.
An uncontrolled resource consumption vulnerability in SINAMICS could allow an attacker to cause a denial of service. The problem affects the device's web server and can cause it to reboot.
“In order to carry out an attack, an attacker must have access to a vulnerable product through the network. Elevated privileges or user participation are not required,” Siemens security experts indicate.
The vulnerability received the identifier CVE-2019-6568 and a rating of 7.5 out of 10 on the CVSS v3 scale. The problem has been fixed in SINAMICS v4.8 SP2 HF9.
SCALANCE managed switches are used in chemical, power and food industries, as well as in water treatment systems.
CVE-2019-10927: Allows an authorized attacker with access to port 22/TCP on a vulnerable device to cause a denial of service. No user participation is required to carry out the attack. The problem was rated 6.5 out of 10 on the CVSS v3 scale.
CVE-2019-10928: Allows an authorized attacker with access to port 22/TCP and physical access to the device to execute arbitrary commands. The problem was rated 6.6 out of 10 on the CVSS v3 scale.
Currently, Siemens has released an update only for the SCALANCE SC-600 (version 2.0.1). As a precaution, the company recommends that users disable port 22/TCP, restrict physical access to vulnerable devices, and use the built-in firewall in the SCALANCE SC-600.
Previously, Siemens also fixed a vulnerability in Siemens SCALANCE X managed switches.
Mitigations for SINAMICS
Siemens recommends users update to v4.8 SP2 HF9. The update can be obtained from a Siemens representative or via Siemens customer service.
Siemens has identified the following specific workarounds and mitigations users can apply to reduce the risk:
- Restrict network access to the integrated webserver.
- Deactivate the webserver if not required, and if deactivation is supported by the product. For SINAMICS products, the webserver may be deactivated with parameter P8986 = 0.
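
To act on the fixed releases named above (SINAMICS v4.8 SP2 HF9, SCALANCE SC-600 2.0.1), the following added example, which is not Siemens code, triages an asset inventory by firmware string. The inventory entries are constructed, and the version layout (dotted base, optional SP, optional HF) and the rule that a higher-ordered string contains the fix are assumptions to confirm against the vendor advisory.

```python
import re

# Fixed releases exactly as named in the article above.
FIXED = {"SINAMICS": "v4.8 SP2 HF9", "SCALANCE SC-600": "2.0.1"}
VERSION_RE = re.compile(r"[vV]?(\d+(?:\.\d+)*)(?:\s+SP(\d+))?(?:\s+HF(\d+))?")

def parse_version(text):
    """'v4.8 SP2 HF9' -> ((4, 8, 0), 2, 9); '2.0.1' -> ((2, 0, 1), 0, 0).
    Assumed layout: dotted base, optional service pack, optional hotfix."""
    m = VERSION_RE.fullmatch(text.strip())
    if not m:
        raise ValueError(f"unrecognized version string: {text!r}")
    base = tuple(int(p) for p in m.group(1).split("."))
    base += (0,) * (3 - len(base))  # pad so '2.0' compares against '2.0.1'
    return base, int(m.group(2) or 0), int(m.group(3) or 0)

def status(family, firmware):
    """Classify one asset as 'at-fixed-level', 'needs-update' or 'review'."""
    fixed = FIXED.get(family)
    if fixed is None:
        return "review"  # the article names no fixed release for this family
    try:
        current = parse_version(firmware)
    except ValueError:
        return "review"  # unparseable firmware string: check by hand
    # Assumption: ordering by (base, SP, HF) reflects whether the fix is included.
    return "at-fixed-level" if current >= parse_version(fixed) else "needs-update"

def triage(inventory):
    """Return a list of (asset name, status) pairs."""
    return [(a["name"], status(a["family"], a["firmware"])) for a in inventory]

# Constructed sample inventory (hypothetical asset names and firmware strings).
SAMPLE_INVENTORY = [
    {"name": "drive-01", "family": "SINAMICS", "firmware": "v4.8 SP2 HF9"},
    {"name": "drive-02", "family": "SINAMICS", "firmware": "V4.8 SP2 HF3"},
    {"name": "drive-03", "family": "SINAMICS", "firmware": "4.7 SP10"},
    {"name": "fw-01", "family": "SCALANCE SC-600", "firmware": "2.0"},
    {"name": "sw-01", "family": "SCALANCE X", "firmware": "5.2.3"},
    {"name": "drive-04", "family": "SINAMICS", "firmware": "unknown"},
]

if __name__ == "__main__":
    for name, result in triage(SAMPLE_INVENTORY):
        print(f"{name}: {result}")
```

Assets reported as `needs-update` or `review` are the ones where the workarounds listed above (restricting access to the webserver, disabling port 22/TCP) matter most until an update is applied.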