Apply password protection for S7 communication.Siemens has identified the following specific workarounds and mitigations users can apply to reduce the risk: SIMATIC S7-PLCSIM Advanced: Update to v4.0 or later version.related ET200 CPUs and SIPLUS variants): Update to v2.9.2 or later version SIPLUS variants): Update to v4.5.0 or later version SIMATIC Drive Controller family: Update to v2.9.2 or later version.SIMATIC S7-1500 Software Controller: Update to v21.9 or later version.SIMATIC ET 200SP Open Controller CPU 1515SP PC2: Update to v21.9 or later version.Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available. Siemens has released updates for several affected products and recommends updating to the latest versions. Tal Keren from Claroty reported this vulnerability to Siemens. CRITICAL INFRASTRUCTURE SECTORS: Chemical, Critical Manufacturing, Energy, Food and Agriculture, Water and Wastewater Systems.A CVSS v3 base score of 8.1 has been calculated the CVSS vector string is ( AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). A remote, unauthenticated attacker with network access to Port 102/TCP could write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks.ĬVE-2020-15782 has been assigned to this vulnerability. SIMATIC S7-PLCSIM Advanced: All versions prior to v4.0Ĥ.2 VULNERABILITY OVERVIEW 4.2.1 IMPROPER RESTRICTION OF OPERATIONS WITHIN THE BOUNDS OF A MEMORY BUFFER CWE-119Īffected devices are vulnerable to a memory protection bypass through a specific operation.SIMATIC S7-1500 Software Controller: All versions.related ET200 CPUs and SIPLUS variants): All versions prior to v2.9.2
SIPLUS variants): All versions prior to v4.5.0 SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl.SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl.SIMATIC Drive Controller family: All versions prior to v2.9.2.SIMATIC S7-1500 Software Controller: All versions prior to v21.9.SIPLUS variants): All versions prior to v21.9 Siemens reports this vulnerability affects the following SIMATIC S7-1200 and S7-1500 CPU products: Successful exploitation of this vulnerability could allow an attacker to write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks. This updated advisory is a follow-up to the original advisory titled ICSA-21-152-01 Siemens SIMATIC S7-1200 and S7-1500 CPU Families that was published June 1, 2021, on the ICS webpage on. Vulnerability: Improper Restriction of Operations within the Bounds of a Memory Buffer.Equipment: SIMATIC S7-1200 and S7-1500 CPU Families.
0 kommentar(er)
