Siemens SIMATIC PROFINET DCP Request input validation

Summaryinfo

A vulnerability was found in Siemens SIMATIC. It has been classified as problematic. Affected by this issue is some unknown functionality of the component PROFINET DCP Request Handler. Performing a manipulation results in input validation. This vulnerability is cataloged as CVE-2018-4843. The attack must originate from the local network. There is no exploit available. Upgrading the affected component is recommended.

Detailsinfo

A vulnerability was found in Siemens SIMATIC (SCADA Software) (unknown version). It has been classified as problematic. This affects an unknown code block of the component PROFINET DCP Request Handler. The manipulation with an unknown input leads to a input validation vulnerability. CWE is classifying the issue as CWE-20. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. This is going to have an impact on availability. The summary by CVE is:

A vulnerability has been identified in SIMATIC CP 343-1 Advanced (All versions), SIMATIC CP 343-1 Standard (All versions), SIMATIC CP 443-1 Advanced (All versions), SIMATIC CP 443-1 Standard (All versions), SIMATIC S7-1500 Software Controller incl. F (All versions < V1.7.0), SIMATIC S7-1500 incl. F (All versions < V1.7.0), SIMATIC S7-300 incl. F and T (All versions), SIMATIC S7-400 H V6 (All versions), SIMATIC S7-400 PN/DP V6 Incl. F (All versions < V6.0.7), SIMATIC S7-400 PN/DP V7 Incl. F (All versions), SIMATIC S7-410 (All versions < V8.1), SIMATIC WinAC RTX 2010 incl. F (All versions), SINUMERIK 828D (All versions), SINUMERIK 840D sl (All versions), Softnet PROFINET IO for PC-based Windows systems (All versions). Responding to a PROFINET DCP request with a specially crafted PROFINET DCP packet could cause a Denial-of-Service condition of the requesting system. The security vulnerability could be exploited by an attacker located on the same Ethernet segment (OSI Layer 2) as the targeted device. Successful exploitation requires no user interaction or privileges and impacts the availability of core functionality of the affected device. A manual restart is required to recover the system. At the time of advisory publication no public exploitation of this security vulnerability is known. Siemens provides mitigations to resolve the security issue. PROFIBUS interfaces are not affected.

The bug was discovered 03/20/2018. The weakness was shared 03/20/2018 with Siemens (Website). It is possible to read the advisory at cert-portal.siemens.com. This vulnerability is uniquely identified as CVE-2018-4843 since 01/02/2018. The exploitability is told to be easy. Access to the local network is required for this attack. No form of authentication is needed for exploitation. The technical details are unknown and an exploit is not publicly available.

Upgrading eliminates this vulnerability.

The vulnerability is also documented in the vulnerability database at SecurityFocus (BID 103465†). Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Productinfo

Type

• SCADA Software

Vendor

• Siemens

Name

• SIMATIC

License

• commercial

Website

• Vendor: https://www.siemens.com/

CPE 2.3info

• 🔍

CPE 2.2info

• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Discussion