VDE-2024-055 | CERT@VDE

2024-09-09 10:00 (CEST) VDE-2024-055

Festo: Siemens S7-1500/ET200SP CPU used in Festo Didactic products contain a memory protection bypass vulnerability

Share: Email | Twitter

ID

VDE-2024-055

Published

2024-09-09 10:00 (CEST)

Last update

2024-09-09 09:41 (CEST)

Vendor(s)

Festo Didactic SE

Product(s)

Article No°	Product Name	Affected Version(s)
	Siemens Simatic S7-1500 / ET200SP installed on FESTO Didactic CP including S7 PLC	< V2.9.2
	Siemens Simatic S7-1500 / ET200SP installed on FESTO Didactic MPS 200 Systems	< V2.9.2
	Siemens Simatic S7-1500 / ET200SP installed on FESTO Didactic MPS 400 Systems	< V2.9.2

Summary

Siemens SIMATIC S7-1200 and S7-1500 CPUs contained in various Festo Didactic products contain a memory protection bypass vulnerability that could allow an attacker to write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks

CVE ID

CVE-2020-15782

Last Update:

26. August 2024 13:40

Severity

9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Weakness

Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119)

Summary

A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V21.9), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.5.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.9.2), SIMATIC S7-1500 Software Controller (All versions < V21.9), SIMATIC S7-PLCSIM Advanced (All versions < V4.0), SINAMICS PERFECT HARMONY GH180 Drives (Drives manufactured before 2021-08-13), SINUMERIK MC (All versions < V6.15), SINUMERIK ONE (All versions < V6.15). Affected devices are vulnerable to a memory protection bypass through a specific operation. A remote unauthenticated attacker with network access to port 102/tcp could potentially write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks.

Details

nvd.nist.gov

Impact

Siemens SIMATIC S7-1200 and S7-1500 CPUs have a memory protection bypass vulnerability allowing attackers to write or read data in protected memory, potentially enabling further attacks.

Solution

Mitigation

As part of a security strategy, Festo recommends the following general defense measures to reduce the risk of exploits:

Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside.
Use firewalls to protect and separate the control system network from other networks. - Use VPN (Virtual Private Networks) tunnels if remote access is required.
Activate and apply user management and password features.
Use encrypted communication links.
Limit the access to both development and control system by physical means, operating system features, etc.
Protect both development and control systems by using up-to-date virus detection solutions.

Festo strongly recommends minimizing and protecting network access to connected devices with state-of-the-art techniques and processes.
To ensure secure operation follow the recommendations in the product manuals

Remediation

Update Siemens Simatic S7-1500 / ET200SP Firmware to V2.9.2 or higher

Reported by

CERT@VDE coordinated with Festo Didactic