Share: Email | Twitter

ID

VDE-2024-055

Published

2024-09-09 10:00 (CEST)

Last update

2024-09-09 09:41 (CEST)

Vendor(s)

Festo Didactic SE

Product(s)

Article No° Product Name Affected Version(s)
Siemens Simatic S7-1500 / ET200SP installed on FESTO Didactic CP including S7 PLC < V2.9.2
Siemens Simatic S7-1500 / ET200SP installed on FESTO Didactic MPS 200 Systems < V2.9.2
Siemens Simatic S7-1500 / ET200SP installed on FESTO Didactic MPS 400 Systems < V2.9.2

Summary

Siemens SIMATIC S7-1200 and S7-1500 CPUs contained in various Festo Didactic products contain a memory protection bypass vulnerability that could allow an attacker to write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks


Last Update:

Aug. 26, 2024, 1:40 p.m.

Weakness

Improper Restriction of Operations within the Bounds of a Memory Buffer  (CWE-119) 

Summary

A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V21.9), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.5.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.9.2), SIMATIC S7-1500 Software Controller (All versions < V21.9), SIMATIC S7-PLCSIM Advanced (All versions < V4.0), SINAMICS PERFECT HARMONY GH180 Drives (Drives manufactured before 2021-08-13), SINUMERIK MC (All versions < V6.15), SINUMERIK ONE (All versions < V6.15). Affected devices are vulnerable to a memory protection bypass through a specific operation. A remote unauthenticated attacker with network access to port 102/tcp could potentially write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks.


Impact

Siemens SIMATIC S7-1200 and S7-1500 CPUs have a memory protection bypass vulnerability allowing attackers to write or read data in protected memory, potentially enabling further attacks.

Solution

Mitigation

As part of a security strategy, Festo recommends the following general defense measures to reduce the risk of exploits:

  • Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside.
  • Use firewalls to protect and separate the control system network from other networks. - Use VPN (Virtual Private Networks) tunnels if remote access is required.
  • Activate and apply user management and password features.
  • Use encrypted communication links.
  • Limit the access to both development and control system by physical means, operating system features, etc.
  • Protect both development and control systems by using up-to-date virus detection solutions.

Festo strongly recommends minimizing and protecting network access to connected devices with state-of-the-art techniques and processes.
To ensure secure operation follow the recommendations in the product manuals

Remediation

Update Siemens Simatic S7-1500 / ET200SP Firmware to V2.9.2 or higher

Reported by

CERT@VDE coordinated with Festo Didactic