Siemens SCADA systems SIMATIC, SINAMICS, SINEC, SINEMA & SINUMERIK have these vulnerabilities

Cybersecurity specialists reported the finding of at least three vulnerabilities in some Siemens developments widely used in enterprise environments. The products affected are SIMATIC, SINAMICS, SINEC, SINEMA and SINUMERIK.

Below are brief overviews of reported flaws, in addition to their respective tracking keys and scores according to the Common Vulnerability Scoring System (CVSS).

CVE-2020-7585: This vulnerability exists because SIMATIC PCS 7, SIMATIC PDMm, SIMATIC STEP 7, and SINAMICS STARTER applications load DLL libraries insecurely, allowing arbitrary code execution the target system if the victim interacts with a specially designed .dll file.

The vulnerability can only be exploited locally by authenticated threat actors. No exploit is known to complete this attack. This flaw received a CVSS score of 6.4/10, so it is considered a low severity error.

CVE-2020-7586: This flaw exists due to a limit error that would allow the deployment of denial of service (DDoS) attacks. A local threat actor could pass specially designed data to the affected applications and trigger a buffer overflow, generating the DDoS condition.

The vulnerability received a score of 4.8/10 on the CVSS scale, making it a reduced severity error. Like the previous case, exploiting this security issue requires the intervention of an authenticated local hacker.

CVE-2020-7580: This vulnerability exists due to a component with SYSTEM privileges within the affected applications. Threat actors can execute arbitrary code on the target system with high privileges, thus completely committing the victim’s resources.

The products affected by this flaw are:               

  • SIMATIC Automation Tool
  • SIMATIC NET PC Software
  • SIMATIC ProSave
  • SIMATIC S7-1500 Software Controller
  • SIMATIC STEP 7 (TIA Portal): 13.0, 14.0, 15.0, 16.0
  • SIMATIC WinCC Runtime Professional: 13.0, 14.0, 15.0, 16.0
  • Siemens SIMATIC WinCC
  • SINAMICS Startdrive
  • SINEMA Server
  • SINUMERIK ONE virtual
  • SINUMERIK Operate

The flaw received a CVSS score of 5.8/10 and its exploitation is considered unlikely, as hackers would require privileged-local access to the affected systems. 

Siemens has already released patches to fix these bugs, so users of affected deployments are encouraged to upgrade their systems as soon as possible. So far, no active exploitation of any of these flaws has been detected.