# SSA-787292: Denial of Service Vulnerability in SIMATIC RFID Readers

Publication Date: 2021-06-08
Last Update: 2022-05-10
Current Version: 1.2
CVSS v3.1 Base Score: 7.5

SUMMARY
=======

The latest updates for SIMATIC RF products fix a vulnerability that could allow an unauthorized attacker to crash the OPC UA service of the affected devices.

Siemens has released updates for the affected products and recommends updating to the latest versions.

AFFECTED PRODUCTS AND SOLUTION
==============================

* SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0)
  - Affected versions: All versions > V3.0 < V4.0
  - Remediation: Update to V4.0 or later version
    See further recommendations from section "Workarounds and Mitigations"
  - Download: https://support.industry.siemens.com/cs/ww/en/view/109808361

* SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0)
  - Affected versions: All versions > V3.0 < V4.0
  - Remediation: Update to V4.0 or later version
    See further recommendations from section "Workarounds and Mitigations"
  - Download: https://support.industry.siemens.com/cs/ww/en/view/109808361

* SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0)
  - Affected versions: All versions > V3.0 < V4.0
  - Remediation: Update to V4.0 or later version
    See further recommendations from section "Workarounds and Mitigations"
  - Download: https://support.industry.siemens.com/cs/ww/en/view/109808361

* SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0)
  - Affected versions: All versions > V3.0 < V4.0
  - Remediation: Update to V4.0 or later version
    See further recommendations from section "Workarounds and Mitigations"
  - Download: https://support.industry.siemens.com/cs/ww/en/view/109808361

* SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0)
  - Affected versions: All versions > V3.0 < V4.0
  - Remediation: Update to V4.0 or later version
    See further recommendations from section "Workarounds and Mitigations"
  - Download: https://support.industry.siemens.com/cs/ww/en/view/109808361

* SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0)
  - Affected versions: All versions > V3.0 < V4.0
  - Remediation: Update to V4.0 or later version
    See further recommendations from section "Workarounds and Mitigations"
  - Download: https://support.industry.siemens.com/cs/ww/en/view/109808361

* SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0)
  - Affected versions: All versions > V3.0 < V4.0
  - Remediation: Update to V4.0 or later version
    See further recommendations from section "Workarounds and Mitigations"
  - Download: https://support.industry.siemens.com/cs/ww/en/view/109808361

* SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0)
  - Affected versions: All versions > V3.0 < V4.0
  - Remediation: Update to V4.0 or later version
    See further recommendations from section "Workarounds and Mitigations"
  - Download: https://support.industry.siemens.com/cs/ww/en/view/109808361

* SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0)
  - Affected versions: All versions > V3.0 < V4.0
  - Remediation: Update to V4.0 or later version
    See further recommendations from section "Workarounds and Mitigations"
  - Download: https://support.industry.siemens.com/cs/ww/en/view/109808361

* SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0)
  - Affected versions: All versions > V3.0 < V4.0
  - Remediation: Update to V4.0 or later version
    See further recommendations from section "Workarounds and Mitigations"
  - Download: https://support.industry.siemens.com/cs/ww/en/view/109808361

* SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0)
  - Affected versions: All versions > V3.0 < V4.0
  - Remediation: Update to V4.0 or later version
    See further recommendations from section "Workarounds and Mitigations"
  - Download: https://support.industry.siemens.com/cs/ww/en/view/109808361

* SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0)
  - Affected versions: All versions > V3.0 < V4.0
  - Remediation: Update to V4.0 or later version
    See further recommendations from section "Workarounds and Mitigations"
  - Download: https://support.industry.siemens.com/cs/ww/en/view/109808361

* SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0)
  - Affected versions: All versions > V3.0 < V4.0
  - Remediation: Update to V4.0 or later version
    See further recommendations from section "Workarounds and Mitigations"
  - Download: https://support.industry.siemens.com/cs/ww/en/view/109808361

* SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0)
  - Affected versions: All versions > V3.0 < V4.0
  - Remediation: Update to V4.0 or later version
    See further recommendations from section "Workarounds and Mitigations"
  - Download: https://support.industry.siemens.com/cs/ww/en/view/109808361

* SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0)
  - Affected versions: All versions > V3.0 < V4.0
  - Remediation: Update to V4.0 or later version
    See further recommendations from section "Workarounds and Mitigations"
  - Download: https://support.industry.siemens.com/cs/ww/en/view/109808361

* SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0)
  - Affected versions: All versions > V3.0 < V4.0
  - Remediation: Update to V4.0 or later version
    See further recommendations from section "Workarounds and Mitigations"
  - Download: https://support.industry.siemens.com/cs/ww/en/view/109808361

* SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0)
  - Affected versions: All versions > V3.0 < V4.0
  - Remediation: Update to V4.0 or later version
    See further recommendations from section "Workarounds and Mitigations"
  - Download: https://support.industry.siemens.com/cs/ww/en/view/109808361

* SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0)
  - Affected versions: All versions > V3.0 < V4.0
  - Remediation: Update to V4.0 or later version
    See further recommendations from section "Workarounds and Mitigations"
  - Download: https://support.industry.siemens.com/cs/ww/en/view/109808361

* SIMATIC RF166C (6GT2002-0EE20)
  - Affected versions: All versions > V1.1 and < V1.3.2
  - Remediation: Update to V1.3.2
    See further recommendations from section "Workarounds and Mitigations"
  - Download: https://support.industry.siemens.com/cs/ww/en/view/109768507

* SIMATIC RF185C (6GT2002-0JE10)
  - Affected versions: All versions > V1.1 and < V1.3.2
  - Remediation: Update to V1.3.2
    See further recommendations from section "Workarounds and Mitigations"
  - Download: https://support.industry.siemens.com/cs/ww/en/view/109768507

* SIMATIC RF186C (6GT2002-0JE20)
  - Affected versions: All versions > V1.1 and < V1.3.2
  - Remediation: Update to V1.3.2
    See further recommendations from section "Workarounds and Mitigations"
  - Download: https://support.industry.siemens.com/cs/ww/en/view/109768507

* SIMATIC RF186CI (6GT2002-0JE50)
  - Affected versions: All versions > V1.1 and < V1.3.2
  - Remediation: Update to V1.3.2
    See further recommendations from section "Workarounds and Mitigations"
  - Download: https://support.industry.siemens.com/cs/ww/en/view/109768507

* SIMATIC RF188C (6GT2002-0JE40)
  - Affected versions: All versions > V1.1 and < V1.3.2
  - Remediation: Update to V1.3.2
    See further recommendations from section "Workarounds and Mitigations"
  - Download: https://support.industry.siemens.com/cs/ww/en/view/109768507

* SIMATIC RF188CI (6GT2002-0JE60)
  - Affected versions: All versions > V1.1 and < V1.3.2
  - Remediation: Update to V1.3.2
    See further recommendations from section "Workarounds and Mitigations"
  - Download: https://support.industry.siemens.com/cs/ww/en/view/109768507

* SIMATIC RF360R (6GT2801-5BA30)
  - Affected versions: All versions < V2.0
  - Remediation: Update to V2.0 or later version
    See further recommendations from section "Workarounds and Mitigations"
  - Download: https://support.industry.siemens.com/cs/ww/en/view/109808759

WORKAROUNDS AND MITIGATIONS
===========================

Siemens has identified the following specific workarounds and mitigations that customers can apply to reduce the risk:

* Deactivate the OPC-UA feature of affected devices

Product-specific remediations or mitigations can be found in the section "Affected Products and Solution".
Please follow the "General Security Recommendations".

GENERAL SECURITY RECOMMENDATIONS
================================

As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and following the recommendations in the product manuals.

Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity

PRODUCT DESCRIPTION
===================

SIMATIC RF185C, RF186C/CI, and RF188C/CI are communication modules for direct connection of SIMATIC identification systems to PROFINET IO/Ethernet and OPC UA.

SIMATIC RF300R is a compact RFID reader for use with Profinet and Ethernet.

SIMATIC RF600 Readers are used for the contactless identification of every kind of object, e.g. transport containers, pallets, production goods, or can generally be used for recording goods in bulk.

VULNERABILITY CLASSIFICATION
============================

The vulnerability classification has been performed by using the CVSS scoring system in version 3.1 (CVSS v3.1) (https://www.first.org/cvss/). The CVSS environmental score is specific to the customer's environment and will impact the overall CVSS score. The environmental score should therefore be individually defined by the customer to accomplish final scoring.

An additional classification has been performed using the CWE classification, a community-developed list of common software security weaknesses. This serves as a common language and as a baseline for weakness identification, mitigation, and prevention efforts. A detailed list of CWE classes can be found at: https://cwe.mitre.org/.

* Vulnerability CVE-2021-31340

  Affected devices do not properly handle large numbers of incoming connections. An attacker may leverage this to cause a Denial-of-Service situation.

  CVSS v3.1 Base Score: 7.5
  CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
  CWE: CWE-400: Uncontrolled Resource Consumption

ADDITIONAL INFORMATION
======================

For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT:

https://www.siemens.com/cert/advisories

HISTORY DATA
============

V1.0 (2021-06-08): Publication Date
V1.1 (2022-04-12): Added solution for SIMATIC RF600R family and clarified list of affected devices
V1.2 (2022-05-10): Added solution for SIMATIC RF360R

TERMS OF USE
============

Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter "License Terms"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.

Copyright: Siemens 2022
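
The version ranges listed under "Affected Products and Solution" can be checked against a device inventory as sketched here. This is an added example, not part of the Siemens advisory: the ranges are transcribed from the product list with both bounds exclusive as stated there, while the inventory entries, status labels and function names are constructed for illustration.

```python
import re

# Ranges transcribed from the advisory's product list; both bounds are
# exclusive, and None means the advisory gives no lower bound.
RANGES = [
    (re.compile(r"\bRF6(10|15|50|80|85)R\b"), "V3.0", "V4.0"),
    (re.compile(r"\bRF1(66C|85C|86CI?|88CI?)\b"), "V1.1", "V1.3.2"),
    (re.compile(r"\bRF360R\b"), None, "V2.0"),
]

def parse_version(text, width=4):
    """'V3.0' -> (3, 0, 0, 0); padding makes V3.0 and V3.0.0 compare equal."""
    m = re.fullmatch(r"[Vv]?(\d+(?:\.\d+)*)", text.strip())
    if not m:
        raise ValueError(f"unparseable firmware version: {text!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (width - len(parts)))

def status(model, version):
    """Classify one device as 'affected', 'outside range' or 'not listed'."""
    for pattern, low, high in RANGES:
        if pattern.search(model):
            v = parse_version(version)
            above = low is None or v > parse_version(low)
            below = v < parse_version(high)
            return "affected" if above and below else "outside range"
    return "not listed"

# Constructed inventory (model name, reported firmware); not real asset data.
INVENTORY = [
    ("SIMATIC Reader RF610R ETSI", "V3.2.1"),
    ("SIMATIC Reader RF685R FCC", "V3.0.0"),   # equals V3.0, bound is exclusive
    ("SIMATIC Reader RF650R ARIB", "V4.0"),    # fixed release
    ("SIMATIC RF186CI", "V1.3.1"),
    ("SIMATIC RF188C", "V1.3.2"),              # fixed release
    ("SIMATIC RF360R", "V1.0"),
    ("EXAMPLE-DEVICE", "V1.0"),                # hypothetical, not in the advisory
]

def triage(inventory):
    """Return (model, version, status) for every inventory entry."""
    return [(m, v, status(m, v)) for m, v in inventory]

if __name__ == "__main__":
    for model, version, result in triage(INVENTORY):
        print(f"{model:30} {version:8} {result}")
```

Devices reported as "affected" are the candidates for the firmware update or, until it is installed, for deactivating the OPC-UA feature as the advisory recommends.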