Siemens Security Advisory by Siemens ProductCERT SSA-742938: Open Ports in SINAMICS S/G Firmware Publication Date Last Update Current Version CVSS Overall Score 2013-12-04 2013-12-17 1.2 7.8 Summary: A potential vulnerability was discovered in the SINAMICS S/G converter family which might allow attackers to access administrative functions on the device without authentication. Siemens addresses the issue by a firmware update. AFFECTED PRODUCTS SINAMICS G120 with firmware version < V4.6 HF11 Alternatively, the affected products may be identified by using their MLFB. Products with the following MLFBs are affected (character ‘x’ is a wildcard): 6SL3544-0Fx2x-1Fx0 6SL3243-0BB30-1FAx 6SL3244-0BB1x-1FA0 6SL3246-0BA22-1FA0 6SL3210-1KExx-xxFx DESCRIPTION The SINAMICS S/G converter family is used to control a wide variety of drives, especially in mechanical engineering and plant construction. They also interact with motion controllers, which are used among other things to coordinate synchronous operations or complex technology functions. Open ports and services might allow an attacker to access administrative functions on the affected devices. Detailed information about the vulnerability is provided below. VULNERABILITY CLASSIFICATION The vulnerability classification has been performed by using the CVSSv2 scoring system (http://www.first.org/cvss/). The CVSS environmental score is specific to the customer's environment and will impact the overall CVSS score. The environmental score should therefore be individually defined by the customer to accomplish final scoring. Vulnerability Description (CVE-2013-6920) Open ports and services (FTP 21/tcp and Telnet 23/tcp) might allow attackers to access administrative functions of the affected devices over the network without authentication. CVSS Base Score CVSS Temporal Score CVSS Overall Score 10.0 7.8 7.8 (AV:N/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C) Mitigating factors: The attacker must have network access to the affected device. SSA-742938 © Siemens AG 2013 Page 1 of 2 Siemens Security Advisory by Siemens ProductCERT SOLUTION Siemens provides firmware update V4.6 HF11 for SINAMICS G120 which fixes the potential vulnerability by closing the affected open ports and services [1]. As a general security measure Siemens strongly recommends to protect network access to the interface of SINAMICS S/G with appropriate mechanisms. It is advised to follow recommended security practices [4] and to configure the environment according to operational guidelines [2] in order to run the devices in a protected IT environment. ADDITIONAL RESOURCES [1] The firmware update can be obtained from your local Siemens account manager. [2] An overview of the operational guidelines for Industrial Security (with the cell protection concept): http://www.industry.siemens.com/topics/global/en/industrialsecurity/Documents/operational_guidelines_industrial_security_en.pdf [3] Information about Industrial Security by Siemens: http://www.siemens.com/industrialsecurity [4] Recommended security practices by ICS-CERT: http://ics-cert.us-cert.gov/content/recommended-practices [5] For further inquiries on vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: http://www.siemens.com/cert/advisories HISTORY DATA V1.0 (2013-12-04): V1.1 (2013-12-04): V1.2 (2013-12-17): Publication date Updated download information Updated affected products (MLFBs) and firmware update version DISCLAIMER See: http://www.siemens.com/terms_of_use SSA-742938 © Siemens AG 2013 Page 2 of 2