
AUMA: SIMA Master Station affected by WRECK vulnerability

VDE-2023-028
Last update
14.05.2025 15:00
Published at
07.08.2023 13:35
Vendor(s)
AUMA Riester GmbH & Co. KG
External ID
VDE-2023-028

Summary

Forescout Research Labs, partnering with JSOF Research, disclosed NAME:WRECK, a set of Domain Name System (DNS) vulnerabilities that have the potential to cause either Denial of Service (DoS) or Remote Code Execution, allowing attackers to take targeted devices offline or to gain control over them. The vulnerability could be exploited by an attacker on the same network or on a remote network by spoofing packets.

Impact

This vulnerability may lead to a Denial of Service (DoS) or arbitrary code execution on affected SIMA² Master Stations. This may allow an adversary to take the device offline or to take over control of the device.

Affected Product(s)

| Model no. | Product name | Affected versions |
|---|---|---|
| | SIMA² Master Station | Firmware <v2.6 |

Vulnerabilities


Published
22.09.2025 14:57
Weakness
Out-of-bounds Write (CWE-787)
References

Mitigation

In case you cannot upgrade your SIMA² Master Station to software Version 2.6 or above, it is recommended to configure the use of internal DNS servers only and block external DNS traffic where possible. It is also recommended to segment networks and shield affected devices from untrusted networks, e.g., using firewalls. Network intrusion detection mechanisms can be used to filter malicious packets.
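
The intrusion-detection recommendation above can be illustrated with a structural check on DNS messages. This is an added example, not code from AUMA or from the advisory; it assumes, based on the public NAME:WRECK research, that the flaws lie in how DNS names and compression pointers are parsed. The function names and the sample packets are constructed for illustration.

```python
import struct

def walk_name(msg, off):
    """Walk one encoded name; return (offset after it, None) or (None, problem)."""
    end, total, limit = None, 0, off
    while True:
        if off >= len(msg) or (msg[off] >= 0xC0 and off + 1 >= len(msg)):
            return None, "name runs past end of message"
        b = msg[off]
        if b >= 0xC0:                              # compression pointer
            target = ((b & 0x3F) << 8) | msg[off + 1]
            if target >= limit:                    # must precede the current segment,
                return None, "compression pointer does not point backwards"
            end = off + 2 if end is None else end
            limit = off = target                   # so pointer chains always terminate
        elif b & 0xC0:
            return None, "reserved label type"
        elif b == 0:
            return (off + 1 if end is None else end), None
        else:
            total += b + 1                         # 255-byte limit includes the root byte
            if total > 254 or off + 1 + b > len(msg):
                return None, "label overruns message or name exceeds 255 bytes"
            off += 1 + b

def check_dns_message(msg):
    """Return the first structural problem in a raw DNS message, or None."""
    if len(msg) < 12:
        return "shorter than the 12-byte DNS header"
    (qd, an, ns, ar), off = struct.unpack("!4H", msg[4:12]), 12
    for i in range(qd + an + ns + ar):
        off, problem = walk_name(msg, off)
        if problem:
            return f"entry {i}: {problem}"
        off += 4 if i < qd else 10                 # question vs. resource-record fields
        rdlen = struct.unpack("!H", msg[off - 2:off])[0] if qd <= i and off <= len(msg) else 0
        if off + rdlen > len(msg):
            return f"entry {i}: fixed fields or RDATA run past end of message"
        off += rdlen
    return None

# Constructed samples: a response for the made-up name plc.example and two damaged copies.
GOOD = (struct.pack("!6H", 0x1234, 0x8180, 1, 1, 0, 0) + b"\x03plc\x07example\x00"
        + struct.pack("!2H", 1, 1) + b"\xc0\x0c" + struct.pack("!2HIH", 1, 1, 60, 4)
        + bytes([192, 0, 2, 10]))
SELF_POINTER = GOOD[:29] + b"\xc0\x1d" + GOOD[31:]   # answer name points at itself
OVERRUN = GOOD[:12] + b"\x3fplc"                     # label length exceeds the data
for label, m in (("good", GOOD), ("self-pointer", SELF_POINTER), ("overrun", OVERRUN)):
    print(label, "->", check_dns_message(m) or "ok")
```

A filter in front of a device that cannot be upgraded would drop any DNS response for which `check_dns_message` returns a problem.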

Remediation

The described vulnerabilities have been fixed in the SIMA² Master Stations with software version V 2.6 or higher. SIMA² Master Stations with software versions < V 2.6 can be upgraded. AUMA recommends applying a product update at the earliest convenience.

Revision History

| Version | Date | Summary |
|---|---|---|
| 1 | 07.08.2023 13:35 | initial revision |
| 2 | 14.05.2025 15:00 | Fix: added distribution |