Siemens Security Advisory by Siemens ProductCERT SSA

Siemens Security Advisory by Siemens ProductCERT
SSA-237894:
Vulnerability in SIMATIC PCS 7
Publication Date
Last Update
Current Version
CVSS Overall Score
2015-04-23
2015-09-28
1.1
5.3
Summary:
The latest updates for SIMATIC PCS 7 fix a vulnerability that could allow an attacker to use
password hashes for authentication under certain conditions.
AFFECTED PRODUCTS
SIMATIC PCS 7: All versions < V8.1 SP1
DESCRIPTION
SIMATIC PCS 7 is a distributed control system (DCS) for supervisory control and data acquisition
of (SCADA) systems. It is used to monitor and control physical processes involved in industry and
infrastructure on a large scale and over long distances.
Detailed information about the vulnerabilities is provided below.
VULNERABILITY CLASSIFICATION
The vulnerability classification has been performed by using the CVSSv2 scoring system
(http://www.first.org/cvss/). The CVSS environmental score is specific to the customer's
environment and will impact the overall CVSS score. The environmental score should therefore be
individually defined by the customer to accomplish final scoring.
Vulnerability Description (CVE-2015-2823)
If attackers obtain password hashes of SIMATIC WinCC users, they could possibly use the
hashes to authenticate themselves.
CVSS Base Score
CVSS Temporal Score
CVSS Overall Score
6.8
5.3
5.3 (AV:N/AC:M/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C)
Mitigating factors
The attacker must be able to obtain a password hash.
Siemens recommends operating the affected products only within trusted networks [3].
SOLUTION
Siemens provides Service Pack 1 [1] for SIMATIC PCS 7 V8.1 and SIMATIC WinCC V7.2 Upd11
[2] for SIMATIC PCS 7 V8.0 SP2 which fix the vulnerability. Siemens recommends customers to
update to the new fixed versions.
As a general security measure Siemens strongly recommends to protect network access with
appropriate mechanisms. It is advised to configure the environment according to our operational
guidelines [3] in order to run the devices in a protected IT environment.
ACKNOWLEDGEMENT
Siemens thanks Ilya Karpov from Positive Technologies for coordinated disclosure of this
vulnerability.
SSA-237894
© Siemens AG 2015
Page 1 of 2
Siemens Security Advisory by Siemens ProductCERT
ADDITIONAL RESOURCES
[1] Information on how to obtain Service Pack 1 for SIMATIC PCS 7 V8.1 can be found here:
https://support.industry.siemens.com/cs/ww/en/view/108463041
[2] Update 11 for SIMATIC WinCC V7.2 can be obtained here:
https://support.industry.siemens.com/cs/de/en/view/109478834
[3] An overview of the operational guidelines for Industrial Security (with the cell protection
concept):
https://www.siemens.com/cert/operational-guidelines-industrial-security
[4] Information about Industrial Security by Siemens:
http://www.siemens.com/industrialsecurity
[5] For further inquiries on vulnerabilities in Siemens products and solutions, please contact the
Siemens ProductCERT:
http://www.siemens.com/cert/advisories
HISTORY DATA
V1.0 (2015-04-23):
V1.1 (2015-09-28):
Publication Date
Added fix information for PCS 7 V8.0 SP2
DISCLAIMER
See: http://www.siemens.com/terms_of_use
SSA-237894
© Siemens AG 2015
Page 2 of 2