Tag: Siemens

Workarounds Available for Flaws in Siemens RUGGEDCOM Gear

Five vulnerabilities exist in Siemens RUGGEDCOM gear; the vendor has made a number of workarounds available, but it's unknown whether patches will be made available.

Malware ‘disguised as Siemens software drills into 10 industrial plants’

Four years of active infection, claims security biz Dragos

Malware posing as legitimate software for Siemens control gear has apparently infected industrial equipment worldwide over the past four years.…

Malware ‘disguised as Siemens firmware drills into 10 industrial plants’

Four years of active infection, claims security biz Dragos

Malware posing as legitimate firmware for Siemens control gear has apparently infected industrial equipment worldwide over the past four years.…

3,000 Industrial Plants Per Year Infected with Malware

Targeted industrial control systems-themed malware is less prevalent yet persistent, including one variant posing as Siemens PLC firmware that has been in action since 2013, researchers find.

Siemens RUGGEDCOM NMS Equipment Vulnerable to CSRF, XSS

Siemens' line of RUGGEDCOM NMS products suffers from vulnerabilities that could allow an attacker to perform administrative actions.

Siemens Patches Insufficient Entropy Vulnerability in ICS Systems

German industrial giant Siemens has provided a firmware update addressing vulnerabilities that are found in a popular line of its Desigo PX industrial control hardware used in controlling primarily HVAC systems in commercial buildings.

On Wednesday, Siemens, in coordination with ICS-CERT, issued an advisory regarding an insufficient entropy vulnerability that could be exploited remotely. “A successful exploitation of this vulnerability could allow an attacker to recover private keys used for HTTPS in the integrated web server,” according to the advisory.

The affected Desigo PX Web modules include PXA40-W0, PXA40-W1, PXA40-W2 for Desigo PX automation controllers PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D. Siemens also listed Web modules PXA30-W0, PXA30-W1, PXA30-W2 for Desigo PX automation controllers PXC00-U, PXC64-U, PXC128-U. In all cases, the impacted modules are those running firmware versions prior to V6.00.046. The vulnerability (CVE-2016-9154) is tied to the Desigo PX Web modules.

Desigo PX is a Siemens hardware and software solution for industrial building automation for controlling everything from HVAC systems to alarm signaling, according to the company’s website.

The Web modules are for extending control of the Desigo PX outside of a facility via the Internet. The vulnerability might allow attackers to hijack web sessions over a network without authentication due to insufficient entropy in its random number generator. “The affected devices use a pseudo random number generator with insufficient entropy to generate certificates for HTTPS, potentially allowing remote attackers to reconstruct the corresponding private key,” the Siemens bulletin describes.

According to the Open Web Application Security Project (OWASP), this vulnerability occurs when an undesirably low amount of entropy is available. “Pseudo Random Number Generators are susceptible to suffering from insufficient entropy when they are initialized, because entropy data may not be available to them yet,” OWASP describes.

Siemens has provided a firmware update (V6.00.046) which fixes the vulnerability in the Desigo PX modules.

The company said there are no known public exploits of this vulnerability and that exploiting it would be difficult. A group of security researchers from the University of Pennsylvania coordinated finding and reporting the vulnerability directly to Siemens. The researchers include Marcella Hastings, Joshua Fried and Nadia Heninger.

SAFECode Gets a New Executive Director

Former Microsoft Executive Steven Lipner, who helped to create the Secure Development Lifecycle (SDL) is the new Executive Director of the Software Assurance Forum for Excellence in Code (SAFECode). SAFECode is getting new leadership with the appointme...

Surprise! Another insecure web-connected CCTV cam needs fixing

Siemens firmware emits admin login details to anyone who asks nicely

Siemens has issued a security patch for CCTV cameras that cough up their admin passwords to remote attackers. The cameras are now sold by Vanderbilt Industries, which acquired the camera business unit from the German industrial giant in 2015.

The security bug lies in the web server in the gadgets' firmware, and is present in 16 product ranges under the Siemens brand, including dome, box and bullet-style cameras. If an attacker finds an unpatched device on the internet and sends the right HTTP request, the camera will hand over its admin credentials. "An attacker with network access to the web server could obtain administrative credentials by sending certain requests," reads the advisory for CVE-2016-9155.

Readers will know it doesn't take long for hackers to scan the internet for vulnerable kit, so owners of the Siemens/Vanderbilt cams need to get busy with their patches before they are hijacked. Cameras and digital video recorders were among the types of device exploited by the Mirai botnet in attacks against Brian Krebs' site and the Dyn DNS service (now Oracle's problem). The Siemens advisory on the security cockup is here [PDF].

Malware Infected USB Sticks Posted To Australia Homes

USB sticks containing harmful malware have been left in Australian letterboxes, police in Victoria have warned. Residents of Pakenham, a suburb of Melbourne, have reportedly found the unmarked sticks in the boxes. Plugging them ...

VU#790839: Objective Systems ASN1C generates code that contains a heap overflow...

Objective Systems ASN1C generates code that contains a heap overflow vulnerability

Original Release date: 19 Jul 2016 | Last revised: 21 Jul 2016

Overview

ASN.1 is a standard representation of data for networking and telecommunications applications. Objective Systems' ASN1C compiler generates C and C++ code that may be vulnerable to heap overflow.

Description

CWE-122: Heap-based Buffer Overflow - CVE-2016-5080

ASN1C is used to generate high-level-language code from ASN.1 syntax.

According to the reporter, the generated C and C++ code from ASN1C may be vulnerable to heap overflow in the generated heap manager's rtxMemHeapAlloc function. It is currently unclear if a similar vulnerability exists in other output languages such as Java and C#.

A remote unauthenticated attacker may be able to exploit the heap overflow to execute arbitrary code on the underlying system, but the availability of this exploit depends on whether the application utilizes the rtxMemHeapAlloc function in an unsafe way. In particular, the application would likely need to process ASN.1 data from untrusted sources to be vulnerable.

Developers making use of ASN1C in their products should audit their code to determine if their application is vulnerable.

The CVSS score below reflects a worst-case scenario, and may not apply to all instances. The researcher has more information available in a security advisory.

Impact

The impact may vary depending on how the vulnerable code is used in an application. In the worst case, an application that utilizes ASN.1 data from untrusted sources may be exploited by a remote unauthenticated attacker to execute arbitrary code with permissions of the application (typically root/SYSTEM).

Solution

Apply an update

Objective Systems has released a hotfix for the ASN1C 7.0.1.x series to correct this flaw.

Customers using the vulnerable features should contact Objective Systems directly to request the hotfix.

Customers may also alternately use a different heap manager, or edit the generated code by hand to remove the heap overflow. ASN1C version 7.0.2 will contain the fix for all customers, but its release date is currently not set.

Vendor Information

The vendors listed below were primarily sourced from Objective Systems' customer list.

The CERT/CC has no further evidence that any particular vendor is impacted unless marked Affected; vendors are encouraged to reach out to us to clarify their status.

Vendor | Status | Date Notified | Date Updated
Objective Systems | Affected | - | 20 Jun 2016
Hewlett Packard Enterprise | Not Affected | 20 Jun 2016 | 01 Jul 2016
Honeywell | Not Affected | 20 Jun 2016 | 07 Jul 2016
QUALCOMM Incorporated | Not Affected | 20 Jun 2016 | 21 Jul 2016
Siemens | Not Affected | 19 Jul 2016 | 20 Jul 2016
Alcatel-Lucent | Unknown | 20 Jun 2016 | 20 Jun 2016
AT&T | Unknown | 20 Jun 2016 | 20 Jun 2016
BAE Systems | Unknown | 19 Jul 2016 | 19 Jul 2016
Booz Allen Hamilton | Unknown | 19 Jul 2016 | 19 Jul 2016
Broadcom | Unknown | 20 Jun 2016 | 20 Jun 2016
BT | Unknown | 20 Jun 2016 | 20 Jun 2016
Cisco | Unknown | 20 Jun 2016 | 20 Jun 2016
Deutsche Telekom | Unknown | 20 Jun 2016 | 20 Jun 2016
Entrust | Unknown | 19 Jul 2016 | 19 Jul 2016
Ericsson | Unknown | 20 Jun 2016 | 20 Jun 2016

If you are a vendor and your product is affected, let us know.

CVSS Metrics

Group | Score | Vector
Base | 9.3 | AV:N/AC:M/Au:N/C:C/I:C/A:C
Temporal | 7.1 | E:U/RL:TF/RC:C
Environmental | 5.4 | CDP:ND/TD:M/CR:ND/IR:ND/AR:ND

Credit

Thanks to Lucas Molas and Ivan Arce of Programa STIC at the Fundación Sadosky for researching and coordinating this vulnerability. This document was written by Garret Wassermann.

Other Information

CVE IDs: CVE-2016-5080
Date Public: 18 Jul 2016
Date First Published: 19 Jul 2016
Date Last Updated: 21 Jul 2016
Document Revision: 39

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.