-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

# SSA-285795: Denial of Service in OPC-UA in Industrial Products

Publication Date:        2022-05-10
Last Update:             2022-08-09
Current Version:         1.2
CVSS v3.1 Base Score:    6.5


SUMMARY
=======

A vulnerability in the underlying third party component OPC UA ANSIC
Stack (also called Legacy C-Stack) affects several industrial
products. The vulnerability could cause a crash of the component that
includes the vulnerable part of the stack.    Siemens has released
updates for several affected products and recommends to update to the
latest versions. Siemens is preparing further updates and recommends
specific countermeasures for products where updates are not, or not
yet available.


AFFECTED PRODUCTS AND SOLUTION
==============================


* SIMATIC NET PC Software V14 
  - Affected versions:
       All versions < V14 SP1 Update 14
  - Remediation:
       Update to V14 SP1 Update 14 or later version

       See further recommendations from section "Workarounds and Mitigations"
  - Download:
       https://support.industry.siemens.com/cs/ww/en/view/109807351/

* SIMATIC NET PC Software V15 
  - Affected versions:
       All versions
  - Remediation:
       Currently no fix is planned

       See recommendations from section "Workarounds and Mitigations"

* SIMATIC NET PC Software V16 
  - Affected versions:
       All versions < V16 Update 6
  - Remediation:
       Update to V16 Update 6 or later version

       See further recommendations from section "Workarounds and Mitigations"
  - Download:
       https://support.industry.siemens.com/cs/ww/en/view/109811815/

* SIMATIC NET PC Software V17 
  - Affected versions:
       All versions < V17 SP1
  - Remediation:
       Update to V17 SP1 or later version

       See further recommendations from section "Workarounds and Mitigations"
  - Download:
       https://support.industry.siemens.com/cs/ww/en/view/109808270/

* SITOP Manager 
  - Affected versions:
       All versions
  - Remediation:
       Currently no fix is available

       See recommendations from section "Workarounds and Mitigations"

* TeleControl Server Basic V3 
  - Affected versions:
       All versions < V3.1.1
  - Remediation:
       Update to V3.1.1 or later version

       See further recommendations from section "Workarounds and Mitigations"
  - Download:
       https://support.industry.siemens.com/cs/ww/en/view/109812231/


WORKAROUNDS AND MITIGATIONS
===========================

Siemens has identified the following specific workarounds and mitigations that
customers can apply to reduce the risk:

  * Do not use OPC client feature to connect via untrusted networks or to untrusted
    OPC-UA communication partners
  * Use VPN for protecting network communication between cells

Product specific remediations or mitigations can be found in the section
"Affected Products and Solution".


Please follow the "General Security Recommendations".


GENERAL SECURITY RECOMMENDATIONS
================================

As a general security measure, Siemens strongly recommends to protect
network access to devices with appropriate mechanisms. In order to
operate the devices in a protected IT environment, Siemens recommends
to configure the environment according to Siemens' operational
guidelines for Industrial Security (Download:
https://www.siemens.com/cert/operational-guidelines-industrial-
security), and to follow the recommendations in the product manuals.

Additional information on Industrial Security by Siemens can be found
at: https://www.siemens.com/industrialsecurity


PRODUCT DESCRIPTION
===================

SIMATIC NET PC software is a software product that is sold separately
and implements the communications product from SIMATIC NET.

SITOP Manager is a tool for commissioning, engineering and monitoring
of SITOP power supplies with communication capabilities.

TeleControl Server Basic allows remote monitoring and control of
plants.


VULNERABILITY CLASSIFICATION
============================

The vulnerability classification has been performed by using the CVSS scoring
system in version 3.1 (CVSS v3.1) (https://www.first.org/cvss/). The CVSS
environmental score is specific to the customer's environment and will impact
the overall CVSS score. The environmental score should therefore be
individually defined by the customer to accomplish final scoring.

An additional classification has been performed using the CWE classification, a
community-developed list of common software security weaknesses. This serves as
a common language and as a baseline for weakness identification, mitigation,
and prevention efforts. A detailed list of CWE classes can be found at:
https://cwe.mitre.org/.



* Vulnerability CVE-2021-45117

  The OPC UA ANSIC Stack (also called Legacy C-Stack) was reported to
  crash when an unexpected OPC UA Response message status code was
  accessed via the synchronous Client API. The vulnerability was found
  in generated code of the OPC Foundation C-Stack. An unexpected
  status code in response message will dereference Null pointer
  leading to crash, ping of death (PoD). This affects a client, but it
  might also affect a server when it uses
  OpcUa_ClientApi_RegisterServer (e.g. register at LDS). A specially
  crafted UA server, or Man in the Middle attacker, can cause the OPC
  UA application to crash by sending uncertain status code in response
  message.

    CVSS v3.1 Base Score: 6.5
    CVSS Vector:          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
    CWE:                  CWE-476: NULL Pointer Dereference




ADDITIONAL INFORMATION
======================

For further inquiries on security vulnerabilities in Siemens products and
solutions, please contact the Siemens ProductCERT:

https://www.siemens.com/cert/advisories


HISTORY DATA
============

V1.0 (2022-05-10): Publication Date
V1.1 (2022-07-12): Added fix for SIMATIC NET PC Software V16
V1.2 (2022-08-09): Added fix for TeleControl Server Basic

TERMS OF USE
============

Siemens Security Advisories are subject to the terms and conditions contained
in Siemens' underlying license terms or other applicable agreements previously
agreed to with Siemens (hereinafter "License Terms"). To the extent applicable
to information, software or documentation made available in or through a
Siemens Security Advisory, the Terms of Use of Siemens' Global Website
(https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), in
particular Sections 8-10 of the Terms of Use, shall apply additionally. In case
of conflicts, the License Terms shall prevail over the Terms of Use.

Copyright: Siemens 2022
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEHyx/myPwjH9jB9tDlm7gTEmyujQFAmLxo4AACgkQlm7gTEmy
ujRVvA/9HAdPl76wfKoIJ6oj+VtaiYFJDPgnnkI6Kd9x0HUxMv531201aE+W9XqM
3XHjs9+zIDYze9nE4bKpw9nMrYcevpUHelFF9NI6fKxSACgQRndYyyZ/aqU9qtkW
Hpj/YCoioD9r21K0ZQxlaYdNKXhEqBGoR6Zn3czJCfYlqy4Tg47UkvSSsvsMPcie
7B3jUF8oGx5xJEfV/DaYg4W3TtONEbDaGdeRPGXU/V/+bDL5qXNjZcwt4VUjdI/D
un0kiW6jGAiiyeD0ikaXLhsPyeXQvYPULsDkQLWKSCXuNrKtRZT0G/329/S1Vo9c
GubSbS/RwT3ZaWSga2ItcUIsO6jXq1jLNyfOosoWLyde2o9wDyPy7uqp1TD6Leon
xLE5jm8c1h2cKGei3K8PYcOHbQzucmcMbRrFF6sCdzaN9GrYfEkHkuxSVzH7jJNg
PUZh3kjjk0bHsQAej1ean69G/19Yigd5DKSGlj5xnwrjonwQCDzOe1z4rli7opU8
AATJPPLP7bPEuz5/Dsd5UpexJ7LoajuV6D7siLFBOi5HFIN1tdPARFL1S8lxduE5
0tpEYtvuN6e8bW0sy7FsaHa08ON4So+NVnbMyuhLOb61siYVm14Bumuo4adm157Y
CNEZgDmcLBeBGK3wB/j1bKjaYPQkz9E+PM3fyXZ9O3OuqWVoMPw=
=50Za
-----END PGP SIGNATURE-----