GENERAL SECURITY RECOMMENDATIONS
As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security ), and to follow the recommendations in the product manuals.
Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity
PRODUCT DESCRIPTION
SIMATIC Industrial PCs, SIMATIC FieldPGs and SIMATIC ITPs are the PC hardware platforms for PC-based Automation from Siemens.
SIPLUS extreme products are designed for reliable operation under extreme conditions and are based on SIMATIC, LOGO!, SITOP, SINAMICS, SIMOTION, SCALANCE or other devices. SIPLUS devices use the same firmware as the product they are based on.
VULNERABILITY CLASSIFICATION
The vulnerability classification has been performed by using the CVSS scoring system in version 3.1
(CVSS v3.1) (https://www.first.org/cvss ). The CVSS environmental score is specific to the customer’s
environment and will impact the overall CVSS score. The environmental score should therefore be
individually defined by the customer to accomplish final scoring.
An additional classification has been performed using the CWE classification, a community-developed
list of common software security weaknesses. This serves as a common language and as a baseline for
weakness identification, mitigation, and prevention efforts. A detailed list of CWE classes can be found
at: https://cwe.mitre.org/ .
Vulnerability CVE-2018-3616
Bleichenbacher-style side channel vulnerability in TLS implementation in Intel Active Management Technology before 12.0.5 may allow an unauthenticated user to potentially obtain the TLS session key via the network.
The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise confidentiality of the device.
CVSS v3.1 Base Score
5.9
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
CWE:
CWE-310: Cryptographic Issues
Vulnerability CVE-2018-3657
Multiple buffer overflows in Intel AMT in Intel CSME firmware versions before version 12.0.5 may allow a privileged user to potentially execute arbitrary code with Intel AMT execution privilege via local access.
The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise confidentiality, integrity and availability of the device.
CVSS v3.1 Base Score
6.7
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE:
CWE-20: Improper Input Validation
Vulnerability CVE-2018-3658
Multiple memory leaks in Intel AMT in Intel CSME firmware versions before 12.0.5 may allow an unauthenticated user with Intel AMT provisioned to potentially cause a partial denial of service via network access.
The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device.
CVSS v3.1 Base Score
5.3
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
CWE:
CWE-401: Improper Release of Memory Before Removing Last Reference ('Memory Leak')