CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
EPSS
Percentile
80.3%
Siemens has reported to ICS-CERT that denial-of-service (DoS) vulnerabilities exist in the SIMATIC S7-400 V6 and SIMATIC S7-400 V5 PN CPU products. Siemens has produced a firmware update that mitigates the vulnerability affecting the S7-400 V6.
Siemens will not fix the vulnerability that affects the S7-400 V5 because that product version has reached end-of-life and has been discontinued.
Both vulnerabilities could be exploited remotely.
Siemens reports that one of the vulnerabilities affects the following products within the S7-400 CPU family with firmware Versions 6.0.1 and 6.0.2
Another vulnerability affects the following products within the S7-400 CPU family with firmware Version 5:
When specially crafted packets are received on Ethernet interfaces by the SIMATIC S7-400, the device can default into defect mode. A PLC in defect mode needs to be manually reset to return to normal operation.
Impact to individual organizations depends on many factors that are unique to each organization. ICS-CERT recommends that organizations evaluate the impact of this vulnerability based on their operational environment, architecture, and product implementation.
Products in the Siemens SIMATIC S7-400 CPU family have been designed for process control in industrial environments such as manufacturing, power generation and distribution, food and beverages, and chemical industries worldwide.
When the Ethernet port on a SIMATIC S7-400 V6 receives a malformed IP packet, the device could go into the defect mode. The SIMATIC S7-400 V6 CPU defect mode locks out the unit so that it is not available for process control. An attacker could use this vulnerability to perform a DoS attack.
CVE-2012-3016 has been assigned to this vulnerability. A CVSS v2 base score of 7.8 has been assigned; the CVSS vector string is (AV:N/AC:L/Au:N/C:N/I:N/A:C).
These vulnerabilities could be exploited remotely.
No known public exploits specifically target these vulnerabilities.
An attacker with a low skill could exploit these vulnerabilities.
Siemens has released security advisories (SSA-589272 and SSA-617264) that detail the vulnerabilities in the two SIMATIC S7-400 CPU and the recommended security practices to secure the systems.
Siemens provided firmware update V6.0.3CPU 412-2 PN, http://support.automation.siemens.com/WW/view/en/45645157, Website last visited July 26, 2012., CPU 414-3 PN/DP, CPU 414F-3 PN/DP, http://support.automation.siemens.com/WW/view/en/45645228, Website last visited July 30, 2012., CPU 416-3 PN/DP, CPU 416F-3 PN, http://support.automation.siemens.com/WW/view/en/45645229, Website last visited July 30, 2012. that closes the vulnerability affecting the S7-400 V6 by fixing the flawed packet processing implementation.
Siemens is not providing a firmware update for SIMATIC S7-400 V5 PN CPUs because this version has reached end-of-life and has been discontinued.
ICS-CERT encourages asset owners to take the following additional defensive measures to protect against this and other cybersecurity risks.
The Control Systems Security Program (CSSP) also provides a section for control systems security recommended practices on the CSSP Web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies. ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to taking defensive measures.
Additional mitigation guidance and recommended practices are publicly available in the ICS-CERT Technical Information Paper, ICS-TIP-12-146-01AβCyber Intrusion Mitigation Strategies.
Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents.
nvd.nist.gov/cvss.cfm?version=2&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:C)
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3016
www.siemens.com/corporate-technology/en/research-areas/siemens-cert-security-advisories.htm
cisasurvey.gov1.qualtrics.com/jfe/form/SV_9n4TtB8uttUPaM6?product=https://www.cisa.gov/news-events/ics-advisories/icsa-12-212-02
public.govdelivery.com/accounts/USDHSCISA/subscriber/new?topic_id=USDHSCISA_138
twitter.com/CISAgov
twitter.com/intent/tweet?text=Siemens%20SIMATIC%20S7-400%20PN%20CPU%20DoS+https://www.cisa.gov/news-events/ics-advisories/icsa-12-212-02
www.dhs.gov
www.dhs.gov/foia
www.dhs.gov/performance-financial-reports
www.facebook.com/CISA
www.facebook.com/sharer/sharer.php?u=https://www.cisa.gov/news-events/ics-advisories/icsa-12-212-02&title=Siemens%20SIMATIC%20S7-400%20PN%20CPU%20DoS
www.instagram.com/cisagov
www.linkedin.com/company/cybersecurity-and-infrastructure-security-agency
www.linkedin.com/sharing/share-offsite/?url=https://www.cisa.gov/news-events/ics-advisories/icsa-12-212-02
www.oig.dhs.gov/
www.usa.gov/
www.whitehouse.gov/
www.youtube.com/@cisagov
mailto:?subject=Siemens%20SIMATIC%20S7-400%20PN%20CPU%20DoS&body=www.cisa.gov/news-events/ics-advisories/icsa-12-212-02