Please use another Browser

It looks like you are using a browser that is not fully supported. Please note that there might be constraints on site display and usability. For the best experience we suggest that you download the newest version of a supported browser:

Internet Explorer, Chrome Browser, Firefox Browser, Safari Browser

Continue with the current browser

Siemens Security Advisory 301706

GNU C Library Vulnerability in Industrial Products

CVSSv3.0 Base Score 8.1 | Last Updated 2016-06-08 | V1.1

 

The glibc vulnerability CVE-2015-7547 [1] affects several Siemens industrial products. The vulnerability could potentially allow attackers to cause a Denial-of-Service of the affected products or to execute arbitrary code under certain conditions. Siemens provides updates for three products and recommends specific mitigations for the remaining affected products.

Know the Issues. Know the Mitigations.
Download Advisory

Issue Details and Mitigations

Security Advisory Details

About the Affected Products

ROX-based VPN

ROX-based VPN

ROX-based VPN endpoints and firewall devices are used to connect devices that operate in harsh environments such as electric utility substations and traffic control cabinets.

RUGGEDCOM APE

RUGGEDCOM APE is a utility-grade computing platform that plugs directly into any member of the RUGGEDCOM RX1500 family and makes it possible to run third party software applications.

SINEMA Remote Connect

SINEMA Remote Connect provides users access to remote plants or machines for secure maintenance.

The SCALANCES firewall

The SCALANCE S firewall is used to protect trusted industrial networks from untrusted networks. It allows filtering incoming and outgoing network connections in different ways.

Basic RT

Basic RT  is a PC-based HMI solution for visualization, user administration, reporting and logging.

Download table as: PDF Excel
Product
Affected Versions
Mitigations
Downloads
Ruggedcom ROX II V2.3.0 - V.2.9.0 (inclusive) Request new firmware version https://www.siemens.com/automation/support-request
Ruggedcom APE (Linux) All versions Follow steps in application note http://support.automation.siemens.com/WW/view/en/109485761
SINEMA Remote Connect All versions < V1.2 Install V1.2 https://support.industry.siemens.com/cs/ww/en/view/109737963
SCALANCE M-800/S615 All versions Apply mitigations described in next section
Basic RT V13 All versions Apply mitigations described in next section

Siemens recommends applying the following mitigations until patches are available for SCALANCE M-800 / S615, and Basic RT V13:

 

  • Disable use of DNS on affected devices if possible, or
  • Use of trusted DNS servers, trusted networks/providers, and known trusted DNS domains in device configuration, or
  • Limit size of DNS responses to 512 bytes for UDP messages, and 1024 bytes for TCP messages on network border.


As a general security measure Siemens strongly recommends to protect network access to non-perimeter devices with appropriate mechanisms. It is advised to configure the environment according to our operational guidelines [5] in order to run the devices in a protected IT environment.

The security vulnerability classification has been performed by using the CVSS scoring system in version 3 (CVSSv3) (http://www.first.org/cvss/). The CVSS environmental score is specific to the customer's environment and will impact the overall CVSS score. The environmental score should therefore be individually defined by the customer to accomplish final scoring.

Security Vulnerability Description (CVE-2015-7547)


A stack-based buffer overflow vulnerability (CVE-2015-7547) has been identified in glibc. The vulnerability occurs within the library's DNS client side resolver and could allow an attacker to cause a Denial-of-Service of the affected device or to execute arbitrary code on the affected device.
In order to exploit the vulnerability, the attacker must be able to either trick a targeted host to resolve attacker-controlled domain names, to use attacker-controlled DNS servers for resolution, or to gain a privileged network position allowing him to capture and modify the affected device’s network communication.

CVSS Base Score      8.1
CVSS Vector             CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C

V1.0 (2016-04-08): Publication Date
V1.1 (2016-06-08): Added patch information for SINEMA Remote Connect

Contact

Siemens ProductCERT

If you would like to report a vulnerability or security issues related to Siemens products or solutions, please contact Siemens Product CERT.

Only emails composed in English or German can be considered
Checked 7 days a week, response within one work day

In case of other general IT security issues related to Siemens, please contact Siemens CERT.

 

Security Vulnerability Handling Process

If you want to know more on how Siemens handles security vulnerabilities, have a look at the following document.

Link to Docfile

Frequently Asked Questions

The following document collects questions raised to Siemens ProductCERT on a regular basis.

LINK

Industry Best-Practices

Many industries and countries have issued best practices and guidelines. In the following you can find a subset we are aware of.

LINK

Security Vulnerability Handling Process

If you want to know more on how Siemens handles security vulnerabilities, have a look at the following document.

Link to Docfile

Frequently Asked Questions

The following document collects questions raised to Siemens ProductCERT on a regular basis.

LINK

Industry Best-Practices

Many industries and countries have issued best practices and guidelines. In the following you can find a subset we are aware of.

LINK