The US Computer Emergency Readiness Team (US-CERT) has released a security alert about two vulnerabilities in programmable logic controllers (PLCs) from Siemens. According to the advisory, exploiting these flaws would allow remote threat actors to cause a denial of service (DoS) condition, and in one case possibly execute code, by sending crafted SNMP packets to port 161/UDP. The findings are credited to Artem Zinenko of security firm Kaspersky.
The first of the reported flaws, tracked as CVE-2015-5621, is an error in SNMP message handling that allows a remote attacker to trigger a DoS condition, and possibly execute arbitrary code, by sending a specially crafted packet to port 161/UDP (SNMP). The vulnerability has received a score of 7.5/10 on the Common Vulnerability Scoring System (CVSS) scale.
The second vulnerability, tracked as CVE-2018-18065, is a NULL pointer dereference in the SNMP handling code; an authenticated remote attacker, which in SNMPv1/v2c means one who knows a valid community string, can trigger a DoS condition by sending a specially crafted packet to port 161/UDP (SNMP). The flaw received a score of 6.5/10 on the CVSS scale.
The affected products are used in industrial sectors such as chemicals, food, healthcare, transport and wastewater management around the world. In response to the reports, the German company released updates for the affected products, and administrators of these systems are advised to upgrade to the latest available versions. For systems that cannot be updated promptly, Siemens recommends the following workarounds:
Disable SNMP where the affected product allows it; disabling SNMP completely mitigates both vulnerabilities.
Restrict network access to port 161/UDP on the affected devices.
Apply the cell protection concept and implement defense in depth.
Use a VPN to protect network communication.
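Both flaws are reached by sending a crafted packet to port 161/UDP, and the workarounds above come down to the same idea: control what reaches that port. As an added example that is not part of the US-CERT alert, Siemens' documentation or Kaspersky's research, the Python validator below parses an SNMPv1/v2c datagram strictly (every BER length must agree with the bytes actually present, every field must be there) and decides whether to forward it to a PLC, also enforcing a source-host allowlist. The management host address, the community string and the sample packets are constructed for illustration; the two malformed samples show the general class of crafted input (length fields that disagree with the datagram) and are not the specific triggers for CVE-2015-5621 or CVE-2018-18065, which the advisory does not describe at byte level.

```python
"""Strict SNMPv1/v2c validator for a filtering hop in front of a PLC's port 161/UDP.
Added example (not from the advisory, Siemens or Kaspersky); malformed samples are constructed."""
from dataclasses import dataclass
class SnmpParseError(ValueError):
    """Any datagram that is not a well-formed SNMPv1/v2c message."""

def _read_tlv(buf: bytes, pos: int) -> tuple[int, bytes, int]:
    """Read one BER tag/length/value at pos; reject lengths that overrun buf."""
    if pos + 2 > len(buf):
        raise SnmpParseError("truncated: tag or length byte missing")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:  # long form: next n bytes hold the length; n == 0 (indefinite) is invalid in SNMP
        n = first & 0x7F
        if not 1 <= n <= 4 or pos + n > len(buf):
            raise SnmpParseError("indefinite, oversized or truncated long-form length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    else:
        length = first
    if pos + length > len(buf):
        raise SnmpParseError(f"truncated: length {length} exceeds {len(buf) - pos} remaining bytes")
    return tag, buf[pos:pos + length], pos + length

def _children(value: bytes) -> list[tuple[int, bytes]]:
    """Split a constructed value into (tag, value) children, consuming it exactly."""
    out, pos = [], 0
    while pos < len(value):
        tag, v, pos = _read_tlv(value, pos)
        out.append((tag, v))
    return out

PDU_TAGS = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "GetResponse",
            0xA3: "SetRequest", 0xA5: "GetBulkRequest"}

@dataclass
class SnmpMessage:
    version: int        # 0 = SNMPv1, 1 = SNMPv2c
    community: bytes
    pdu_type: str
    request_id: int
    varbinds: list      # (oid bytes, value tag, value bytes) per varbind

def parse_snmp(datagram: bytes) -> SnmpMessage:
    """Parse strictly: every length must agree and every field must be present."""
    tag, body, end = _read_tlv(datagram, 0)
    if tag != 0x30 or end != len(datagram):
        raise SnmpParseError("message must be one SEQUENCE spanning the whole datagram")
    parts = _children(body)
    if len(parts) != 3:
        raise SnmpParseError("message must be version, community, PDU")
    (vt, vv), (ct, cv), (pt, pv) = parts
    if vt != 0x02 or len(vv) != 1 or vv[0] not in (0, 1):
        raise SnmpParseError("only SNMPv1/v2c are handled here")
    if ct != 0x04 or not cv:
        raise SnmpParseError("community must be a non-empty OCTET STRING")
    if pt not in PDU_TAGS:
        raise SnmpParseError(f"unknown PDU tag 0x{pt:02x}")
    fields = _children(pv)
    if len(fields) != 4 or fields[3][0] != 0x30:
        raise SnmpParseError("PDU must be request-id, error-status, error-index, varbind list")
    for t, v in fields[:3]:
        if t != 0x02 or not 1 <= len(v) <= 4:
            raise SnmpParseError("PDU header fields must be small INTEGERs")
    varbinds = []
    for t, v in _children(fields[3][1]):
        items = _children(v) if t == 0x30 else []
        if len(items) != 2 or items[0][0] != 0x06 or not items[0][1]:
            raise SnmpParseError("each varbind must be SEQUENCE { OID, value }")
        varbinds.append((items[0][1], items[1][0], items[1][1]))
    return SnmpMessage(vv[0], cv, PDU_TAGS[pt], int.from_bytes(fields[0][1], "big", signed=True), varbinds)

MANAGEMENT_HOSTS = {"10.0.0.5"}  # assumed: the only station allowed to poll the PLCs

def allow_to_plc(src_ip: str, datagram: bytes) -> tuple[bool, str]:
    """Decide whether a datagram may be forwarded to port 161/UDP on a PLC."""
    if src_ip not in MANAGEMENT_HOSTS:
        return False, "source is not an allowed management host"
    try:
        msg = parse_snmp(datagram)
    except SnmpParseError as exc:
        return False, f"malformed SNMP dropped: {exc}"
    if msg.pdu_type == "SetRequest":
        return False, "SetRequest not permitted towards PLCs"
    return True, f"{msg.pdu_type} for {len(msg.varbinds)} varbind(s)"

# Constructed samples (not captured traffic); short-form BER lengths suffice here.
def _tlv(tag: int, value: bytes) -> bytes:
    return bytes([tag, len(value)]) + value
def _sample(pdu_tag: int = 0xA0) -> bytes:
    """SNMPv2c request for sysDescr.0 (1.3.6.1.2.1.1.1.0), community 'public'."""
    oid = _tlv(0x06, bytes([0x2B, 6, 1, 2, 1, 1, 1, 0]))
    pdu = (_tlv(0x02, b"\x01") + _tlv(0x02, b"\x00") + _tlv(0x02, b"\x00")
           + _tlv(0x30, _tlv(0x30, oid + _tlv(0x05, b""))))
    return _tlv(0x30, _tlv(0x02, b"\x01") + _tlv(0x04, b"public") + _tlv(pdu_tag, pdu))

GOOD_GET = _sample()
TRUNCATED = GOOD_GET[:-3]                                       # outer length overruns the datagram
BAD_INNER = GOOD_GET.replace(b"\x06\x08\x2b", b"\x06\x20\x2b")  # OID claims 32 bytes in a 12-byte varbind
SET_REQUEST = _sample(0xA3)
```

Call allow_to_plc(src_ip, payload) on each UDP datagram before it is forwarded to a device; a check like this belongs at the cell protection boundary (a firewall or protocol-aware proxy), not on the PLC itself, and it complements the firmware update rather than replacing it. The point of the strict parser is that a truncated datagram or a length field that overruns its container is rejected before any field is interpreted, which is exactly the class of input that crashes a lenient SNMP implementation.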
The International Institute of Cyber Security (IICS) suggests that administrators protect network access to these devices with appropriate controls and keep up with the security advisories issued by the manufacturer, since vulnerabilities of this kind are disclosed regularly.