# SSA-398519: Vulnerabilities in Intel CPUs (November 2019)

Publication Date:      2020-02-11
Last Update:           2021-03-09
Current Version:       1.6
CVSS v3.1 Base Score:  9.6

SUMMARY
=======

Intel has published information on vulnerabilities in Intel products in November 2019. In this advisory Siemens only explicitly mentions the vulnerabilities from the "Intel® CPU Security Advisory" and one vulnerability from "Intel® CSME, Intel® SPS, Intel® TXE, Intel® AMT, Intel® PTT and Intel® DAL Advisory" and lists the Siemens IPC related products that are affected by these vulnerabilities.

For further information about BIOS updates related to Intel CPU vulnerabilities see: https://support.industry.siemens.com/cs/ww/en/view/109747626.

Several Siemens Industrial Products contain processors that are affected by the vulnerabilities.

Siemens has released updates for several affected products and is currently working on BIOS updates that include chipset microcode updates for further products.

AFFECTED PRODUCTS AND SOLUTION
==============================

* SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)
  - Affected versions: All BIOS versions < V2.08
  - Affected by vulnerabilities:
    - CVE-2019-0169
  - Remediation: Update BIOS to V2.08
  - Download: https://support.industry.siemens.com/cs/ww/en/view/109743969

* SIMATIC Field PG M4
  - Affected versions: All versions
  - Affected by vulnerabilities:
    - CVE-2019-0151
  - Remediation: See recommendations from section Workarounds and Mitigations

* SIMATIC Field PG M5
  - Affected versions: All BIOS versions < V22.01.08
  - Affected by vulnerabilities:
    - CVE-2019-0151
    - CVE-2019-0169
  - Remediation: Update BIOS to V22.01.08
  - Download: https://support.industry.siemens.com/cs/ww/en/view/109763408

* SIMATIC Field PG M6
  - Affected versions: All BIOS versions < V26.01.07
  - Affected by vulnerabilities:
    - CVE-2019-0151
    - CVE-2019-0169
  - Remediation: Update BIOS to V26.01.07
  - Download: https://support.industry.siemens.com/cs/ww/en/view/109763408

* SIMATIC IPC127E
  - Affected versions: All BIOS versions < V27.01.04
  - Affected by vulnerabilities:
    - CVE-2019-0169
  - Remediation: Update BIOS to V27.01.04
  - Download: https://support.industry.siemens.com/cs/ww/en/view/109763408

* SIMATIC IPC427C
  - Affected versions: All versions
  - Affected by vulnerabilities:
    - CVE-2019-0151
  - Remediation: See recommendations from section Workarounds and Mitigations

* SIMATIC IPC427D (incl. SIPLUS variants)
  - Affected versions: All versions
  - Affected by vulnerabilities:
    - CVE-2019-0151
  - Remediation: See recommendations from section Workarounds and Mitigations

* SIMATIC IPC427E (incl. SIPLUS variants)
  - Affected versions: All BIOS versions < V21.01.13
  - Affected by vulnerabilities:
    - CVE-2019-0151
    - CVE-2019-0169
  - Remediation: Update BIOS to V21.01.13
  - Download: https://support.industry.siemens.com/cs/ww/en/view/109763408

* SIMATIC IPC477C
  - Affected versions: All versions
  - Affected by vulnerabilities:
    - CVE-2019-0151
  - Remediation: See recommendations from section Workarounds and Mitigations

* SIMATIC IPC477D
  - Affected versions: All versions
  - Affected by vulnerabilities:
    - CVE-2019-0151
  - Remediation: See recommendations from section Workarounds and Mitigations

* SIMATIC IPC477E
  - Affected versions: All BIOS versions < V21.01.13
  - Affected by vulnerabilities:
    - CVE-2019-0151
    - CVE-2019-0169
  - Remediation: Update BIOS to V21.01.13
  - Download: https://support.industry.siemens.com/cs/ww/en/view/109763408

* SIMATIC IPC477E Pro
  - Affected versions: All BIOS versions < V21.01.13
  - Affected by vulnerabilities:
    - CVE-2019-0151
    - CVE-2019-0169
  - Remediation: Update BIOS to V21.01.13
  - Download: https://support.industry.siemens.com/cs/ww/en/view/109763408

* SIMATIC IPC527G
  - Affected versions: All BIOS versions < V1.3.2
  - Affected by vulnerabilities:
    - CVE-2019-0169
  - Remediation: Update BIOS to V1.3.2
  - Download: https://support.industry.siemens.com/cs/ww/en/view/109763408

* SIMATIC IPC547E
  - Affected versions: All BIOS versions < R1.34
  - Affected by vulnerabilities:
    - CVE-2019-0151
  - Remediation: Update BIOS to R1.34
  - Download: https://support.industry.siemens.com/cs/ww/en/view/109763408

* SIMATIC IPC547G
  - Affected versions: All BIOS versions < R1.28.0
  - Affected by vulnerabilities:
    - CVE-2019-0151
    - CVE-2019-0169
  - Remediation: Update BIOS to R1.28.0
  - Download: https://support.industry.siemens.com/cs/ww/en/view/109763408

* SIMATIC IPC627C
  - Affected versions: All versions
  - Affected by vulnerabilities:
    - CVE-2019-0151
  - Remediation: See recommendations from section Workarounds and Mitigations

* SIMATIC IPC627D
  - Affected versions: All versions
  - Affected by vulnerabilities:
    - CVE-2019-0151
  - Remediation: See recommendations from section Workarounds and Mitigations

* SIMATIC IPC627E
  - Affected versions: All BIOS versions < V25.02.05
  - Remediation: Update BIOS to V25.02.05
  - Download: https://support.industry.siemens.com/cs/ww/en/view/109763408

* SIMATIC IPC647C
  - Affected versions: All versions
  - Affected by vulnerabilities:
    - CVE-2019-0151
  - Remediation: See recommendations from section Workarounds and Mitigations

* SIMATIC IPC647D
  - Affected versions: All versions
  - Affected by vulnerabilities:
    - CVE-2019-0151
  - Remediation: See recommendations from section Workarounds and Mitigations

* SIMATIC IPC647E
  - Affected versions: All BIOS versions < V25.02.05
  - Remediation: Update BIOS to V25.02.05
  - Download: https://support.industry.siemens.com/cs/ww/en/view/109763408

* SIMATIC IPC677C
  - Affected versions: All versions
  - Affected by vulnerabilities:
    - CVE-2019-0151
  - Remediation: See recommendations from section Workarounds and Mitigations

* SIMATIC IPC677D
  - Affected versions: All versions
  - Affected by vulnerabilities:
    - CVE-2019-0151
  - Remediation: See recommendations from section Workarounds and Mitigations

* SIMATIC IPC677E
  - Affected versions: All BIOS versions < V25.02.05
  - Remediation: Update BIOS to V25.02.05
  - Download: https://support.industry.siemens.com/cs/ww/en/view/109763408

* SIMATIC IPC827C
  - Affected versions: All versions
  - Affected by vulnerabilities:
    - CVE-2019-0151
  - Remediation: See recommendations from section Workarounds and Mitigations

* SIMATIC IPC827D
  - Affected versions: All versions
  - Affected by vulnerabilities:
    - CVE-2019-0151
  - Remediation: See recommendations from section Workarounds and Mitigations

* SIMATIC IPC847C
  - Affected versions: All versions
  - Affected by vulnerabilities:
    - CVE-2019-0151
  - Remediation: See recommendations from section Workarounds and Mitigations

* SIMATIC IPC847D
  - Affected versions: All versions
  - Affected by vulnerabilities:
    - CVE-2019-0151
  - Remediation: See recommendations from section Workarounds and Mitigations

* SIMATIC IPC847E
  - Affected versions: All BIOS versions < V25.02.05
  - Remediation: Update BIOS to V25.02.05
  - Download: https://support.industry.siemens.com/cs/ww/en/view/109763408

* SIMATIC ITP1000
  - Affected versions: All BIOS versions < V23.01.07
  - Affected by vulnerabilities:
    - CVE-2019-0151
    - CVE-2019-0169
  - Remediation: Update BIOS to V23.01.07
  - Download: https://support.industry.siemens.com/cs/ww/en/view/109763408

* SIMOTION P320-4E
  - Affected versions: All versions
  - Affected by vulnerabilities:
    - CVE-2019-0151
  - Remediation: See recommendations from section Workarounds and Mitigations

* SIMOTION P320-4S
  - Affected versions: All versions
  - Affected by vulnerabilities:
    - CVE-2019-0151
  - Remediation: See recommendations from section Workarounds and Mitigations

WORKAROUNDS AND MITIGATIONS
===========================

Siemens has identified the following specific workarounds and mitigations that customers can apply to reduce the risk:

* As a prerequisite for an attack, an attacker must be able to run untrusted code on affected systems. Siemens recommends limiting the possibilities to run untrusted code if possible.
* Applying a Defense-in-Depth concept can help to reduce the probability that untrusted code is run on the system. Siemens recommends to apply the Defense-in-Depth concept: https://www.siemens.com/industrialsecurity

GENERAL SECURITY RECOMMENDATIONS
================================

As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.

Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity

PRODUCT DESCRIPTION
===================

SIMATIC Industrial PCs are the PC hardware platform for PC-based Automation from Siemens.

SIMOTION is a scalable high performance hardware and software system for motion control.

SIPLUS extreme products are designed for reliable operation under extreme conditions and are based on SIMATIC, LOGO!, SITOP, SINAMICS, SIMOTION, SCALANCE or other devices. SIPLUS devices use the same firmware as the product they are based on.

VULNERABILITY CLASSIFICATION
============================

The vulnerability classification has been performed by using the CVSS scoring system in version 3.1 (CVSS v3.1) (https://www.first.org/cvss/). The CVSS environmental score is specific to the customer's environment and will impact the overall CVSS score. The environmental score should therefore be individually defined by the customer to accomplish final scoring.

An additional classification has been performed using the CWE classification, a community-developed list of common software security weaknesses. This serves as a common language and as a baseline for weakness identification, mitigation, and prevention efforts. A detailed list of CWE classes can be found at: https://cwe.mitre.org/.

* Vulnerability CVE-2019-0151

  Insufficient memory protection in Intel(R) TXT for certain Intel(R) Core Processors and Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

  CVSS v3.1 Base Score: 7.5
  CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
  CWE: CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

* Vulnerability CVE-2019-0152

  Insufficient memory protection in System Management Mode (SMM) and Intel(R) TXT for certain Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

  CVSS v3.1 Base Score: 8.2
  CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
  CWE: CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

* Vulnerability CVE-2019-0169

  Heap overflow in subsystem in Intel(R) CSME; Intel(R) TXE could allow an unauthenticated user to potentially enable escalation of privileges, information disclosure or denial of service via adjacent access.

  CVSS v3.1 Base Score: 9.6
  CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
  CWE: CWE-122: Heap-based Buffer Overflow

ADDITIONAL INFORMATION
======================

For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories

HISTORY DATA
============

V1.0 (2020-02-11): Publication Date
V1.1 (2020-03-10): Updated solution for SIMATIC IPC127E, SIMATIC IPC627E, SIMATIC IPC647E, SIMATIC IPC677E, and SIMATIC IPC847E
V1.2 (2020-04-14): Updated solution for SIMATIC ET 200SP Open Controller CPU 1515SP PC2
V1.3 (2020-07-14): Updated solution for SIMATIC ITP1000; removed SIMATIC IPC827E from list of affected devices, as it was not publicly released
V1.4 (2020-10-13): Updated solution for SIMATIC IPC427E, SIMATIC IPC477E, and SIMATIC IPC477E Pro
V1.5 (2021-02-09): Updated solution for SIMATIC IPC527G, SIMATIC Field PG M5, and SIMATIC Field PG M6
V1.6 (2021-03-09): Updated solution for SIMATIC IPC547E and SIMATIC IPC547G

TERMS OF USE
============

Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter "License Terms"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.