Siemens Security Advisory 301706
GNU C Library Vulnerability in Industrial Products
CVSSv3.0 Base Score 8.1 | Last Updated 2016-06-08 | V1.1
The glibc vulnerability CVE-2015-7547  affects several Siemens industrial products. The vulnerability could potentially allow attackers to cause a Denial-of-Service of the affected products or to execute arbitrary code under certain conditions. Siemens provides updates for three products and recommends specific mitigations for the remaining affected products.
Issue Details and Mitigations
Security Advisory Details
ROX-based VPN endpoints and firewall devices are used to connect devices that operate in harsh environments such as electric utility substations and traffic control cabinets.
RUGGEDCOM APE is a utility-grade computing platform that plugs directly into any member of the RUGGEDCOM RX1500 family and makes it possible to run third party software applications.
SINEMA Remote Connect
SINEMA Remote Connect provides users access to remote plants or machines for secure maintenance.
The SCALANCES firewall
The SCALANCE S firewall is used to protect trusted industrial networks from untrusted networks. It allows filtering incoming and outgoing network connections in different ways.
Basic RT is a PC-based HMI solution for visualization, user administration, reporting and logging.
|Ruggedcom ROX II||V2.3.0 - V.2.9.0 (inclusive)||Request new firmware version||https://www.siemens.com/automation/support-request|
|Ruggedcom APE (Linux)||All versions||Follow steps in application note||http://support.automation.siemens.com/WW/view/en/109485761|
|SINEMA Remote Connect||All versions < V1.2||Install V1.2||https://support.industry.siemens.com/cs/ww/en/view/109737963|
|SCALANCE M-800/S615||All versions||Apply mitigations described in next section|
|Basic RT V13||All versions||Apply mitigations described in next section|
Siemens recommends applying the following mitigations until patches are available for SCALANCE M-800 / S615, and Basic RT V13:
- Disable use of DNS on affected devices if possible, or
- Use of trusted DNS servers, trusted networks/providers, and known trusted DNS domains in device configuration, or
- Limit size of DNS responses to 512 bytes for UDP messages, and 1024 bytes for TCP messages on network border.
As a general security measure Siemens strongly recommends to protect network access to non-perimeter devices with appropriate mechanisms. It is advised to configure the environment according to our operational guidelines  in order to run the devices in a protected IT environment.
The security vulnerability classification has been performed by using the CVSS scoring system in version 3 (CVSSv3) (http://www.first.org/cvss/). The CVSS environmental score is specific to the customer's environment and will impact the overall CVSS score. The environmental score should therefore be individually defined by the customer to accomplish final scoring.
Security Vulnerability Description (CVE-2015-7547)
A stack-based buffer overflow vulnerability (CVE-2015-7547) has been identified in glibc. The vulnerability occurs within the library's DNS client side resolver and could allow an attacker to cause a Denial-of-Service of the affected device or to execute arbitrary code on the affected device.
In order to exploit the vulnerability, the attacker must be able to either trick a targeted host to resolve attacker-controlled domain names, to use attacker-controlled DNS servers for resolution, or to gain a privileged network position allowing him to capture and modify the affected device’s network communication.
CVSS Base Score 8.1
CVSS Vector CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
V1.0 (2016-04-08): Publication Date
V1.1 (2016-06-08): Added patch information for SINEMA Remote Connect
If you would like to report a vulnerability or security issues related to Siemens products or solutions, please contact Siemens Product CERT.
Only emails composed in English or German can be considered
Checked 7 days a week, response within one work day
In case of other general IT security issues related to Siemens, please contact Siemens CERT.