German industrial giant Siemens has released security patches for several of its SIMATIC products, including some controllers and a mobile application.
Organizations using SIMATIC products were informed by both Siemens and ICS-CERT this week of a denial-of-service (DoS) vulnerability that can be exploited by sending specially crafted PROFINET DCP packets to affected systems.
The flaw, tracked as CVE-2018-4843 and classified as medium severity, can be exploited by an attacker who has access to the network housing the targeted device. While DoS vulnerabilities are generally seen as less severe compared to code execution and other types of flaws, in the case of industrial control systems (ICS), they can have serious impact.
The security hole affects several SIMATIC central processing units (CPUs) and software controllers, SINUMERIK CNC automation solutions, and Softnet PROFINET IO controllers. Siemens has released patches for some of the impacted systems, and provided workarounds and mitigations for the rest.
Siemens also informed customers on Tuesday of an access control vulnerability affecting the Android and iOS versions of its SIMATIC WinCC OA UI mobile application. This app is designed to allow users to remotely access WinCC OA facilities from their mobile devices.
“The latest update for the Android app and iOS app SIMATIC WinCC OA UI fix a security vulnerability which could allow read and write access from one HMI project cache folder to other HMI project cache folders within the app’s sandbox on the same mobile device,” Siemens wrote in its advisory.
“This includes HMI project cache folders of other configured WinCC OA servers. Precondition for this scenario is that an attacker tricks an app user to connect to an attacker-controlled WinCC OA server,” it added.
The SIMATIC WinCC OA UI application vulnerability was discovered by experts at IOActive and Embedi as part of their research into SCADA mobile apps. They analyzed applications from 34 vendors and found security holes in a vast majority of them.