Siemens Security Advisory 301706

Siemens recommends applying the following mitigations until patches are available for SCALANCE M-800 / S615, and Basic RT V13:

• Disable use of DNS on affected devices if possible, or
• Use of trusted DNS servers, trusted networks/providers, and known trusted DNS domains in device configuration, or
• Limit size of DNS responses to 512 bytes for UDP messages, and 1024 bytes for TCP messages on network border.

As a general security measure Siemens strongly recommends to protect network access to non-perimeter devices with appropriate mechanisms. It is advised to configure the environment according to our operational guidelines [5] in order to run the devices in a protected IT environment.

The security vulnerability classification has been performed by using the CVSS scoring system in version 3 (CVSSv3) (http://www.first.org/cvss/). The CVSS environmental score is specific to the customer's environment and will impact the overall CVSS score. The environmental score should therefore be individually defined by the customer to accomplish final scoring.

Security Vulnerability Description (CVE-2015-7547)

A stack-based buffer overflow vulnerability (CVE-2015-7547) has been identified in glibc. The vulnerability occurs within the library's DNS client side resolver and could allow an attacker to cause a Denial-of-Service of the affected device or to execute arbitrary code on the affected device.
In order to exploit the vulnerability, the attacker must be able to either trick a targeted host to resolve attacker-controlled domain names, to use attacker-controlled DNS servers for resolution, or to gain a privileged network position allowing him to capture and modify the affected device’s network communication.

CVSS Base Score      8.1
CVSS Vector             CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C

V1.0 (2016-04-08): Publication Date
V1.1 (2016-06-08): Added patch information for SINEMA Remote Connect