ICS Advisory (ICSA-22-167-14)

Siemens OpenSSL Affected Industrial Products

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.


 

1. EXECUTIVE SUMMARY

  • CVSS v3 7.5
  • ATTENTION: Exploitable remotely/low attack complexity
  • Vendor: Siemens
  • Equipment: Multiple industrial products
  • Vulnerability: Infinite Loop

2. RISK EVALUATION

Successful exploitation of this vulnerability could create a denial-of-service condition in the affected products.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following Siemens industrial products are affected:

  • Industrial Edge - OPC UA Connector: All versions
  • Industrial Edge - PROFINET IO Connector: All versions
  • Industrial Edge - SIMATIC S7 Connector App: All versions prior to v1.7.0
  • RUGGEDCOM CROSSBOW Station Access Controller: All versions only running on ROX
  • RUGGEDCOM RM1224 LTE(4G) EU: All versions
  • RUGGEDCOM RM1224 LTE(4G) NAM: All versions
  • RUGGEDCOM ROX MX5000: All versions
  • RUGGEDCOM ROX MX5000RE: All versions
  • RUGGEDCOM ROX RX1400: All versions
  • RUGGEDCOM ROX RX1500: All versions
  • RUGGEDCOM ROX RX1501: All versions
  • RUGGEDCOM ROX RX1510: All versions
  • RUGGEDCOM ROX RX1511: All versions
  • RUGGEDCOM ROX RX1512: All versions
  • RUGGEDCOM ROX RX1524: All versions
  • RUGGEDCOM ROX RX1536: All versions
  • RUGGEDCOM ROX RX5000: All versions
  • SCALANCE LPE9403: All versions prior to v2.0
  • SCALANCE M804PB: All versions
  • SCALANCE M812-1 ADSL-Router (Annex A): All versions
  • SCALANCE M812-1 ADSL-Router (Annex B): All versions
  • SCALANCE M816-1 ADSL-Router (Annex A): All versions
  • SCALANCE M816-1 ADSL-Router (Annex B): All versions
  • SCALANCE M826-2 SHDSL-Router: All versions
  • SCALANCE M874-2: All versions
  • SCALANCE M874-3: All versions
  • SCALANCE M876-3 (EVDO): All versions
  • SCALANCE M876-3 (ROK): All versions
  • SCALANCE M876-4 (EU): All versions
  • SCALANCE M876-4 (NAM): All versions
  • SCALANCE MUM853-1 (EU): All versions
  • SCALANCE MUM853-1 (RoW): All versions
  • SCALANCE MUM856-1 (EU): All versions
  • SCALANCE MUM856-1 (NAM): All versions
  • SCALANCE MUM856-1 (RoW): All versions
  • SCALANCE S615: All versions
  • SCALANCE SC622-2C: All versions prior to v2.3.1
  • SCALANCE SC632-2C: All versions prior to v2.3.1
  • SCALANCE SC636-2C: All versions prior to v2.3.1
  • SCALANCE SC642-2C: All versions prior to v2.3.1
  • SCALANCE SC646-2C: All versions prior to v2.3.1
  • SIMATIC Cloud Connect 7 CC712: All versions
  • SIMATIC Cloud Connect 7 CC716: All versions
  • SIMATIC CP 343-1 Advanced: All versions
  • SIMATIC CP 443-1 Advanced: All versions
  • SIMATIC CP 443-1 OPC UA: All versions
  • SIMATIC CP 1242-7 V2: All versions
  • SIMATIC CP 1243-1: All versions
  • SIMATIC CP 1243-7 LTE EU: All versions
  • SIMATIC CP 1243-7 LTE US: All versions
  • SIMATIC CP 1243-8 IRC: All versions
  • SIMATIC CP 1542SP-1: All versions
  • SIMATIC CP 1543-1: All versions
  • SIMATIC CP 1543SP-1: All versions
  • SIMATIC CP 1545-1: All versions
  • SIMATIC CP 1626: All versions
  • SIMATIC CP 1628: All versions
  • SIMATIC ET 200SP Open Controller (incl. SIPLUS variants): All versions
  • SIMATIC Logon: All versions
  • SIMATIC MV540 H: All versions
  • SIMATIC MV540 S: All versions
  • SIMATIC MV550 H: All versions
  • SIMATIC MV550 S: All versions
  • SIMATIC MV560 U: All versions
  • SIMATIC MV560 X: All versions
  • SIMATIC NET PC Software v14: All versions
  • SIMATIC NET PC Software v15: All versions
  • SIMATIC NET PC Software v16: All versions
  • SIMATIC NET PC Software v17: All versions
  • SIMATIC PCS 7 TeleControl: All versions
  • SIMATIC PCS neo: All versions
  • SIMATIC PDM: All versions
  • SIMATIC RF166C: All versions prior to v2.0.1
  • SIMATIC RF185C: All versions prior to v2.0.1
  • SIMATIC RF186C: All versions prior to v2.0.1
  • SIMATIC RF186CI: All versions prior to v2.0.1
  • SIMATIC RF188C: All versions prior to v2.0.1
  • SIMATIC RF188CI: All versions prior to v2.0.1
  • SIMATIC RF360R: All versions prior to v2.0.1
  • SIMATIC RF610R: All versions prior to v4.0.1
  • SIMATIC RF615R: All versions prior to v4.0.1
  • SIMATIC RF650R: All versions prior to v4.0.1
  • SIMATIC RF680R: All versions prior to v4.0.1
  • SIMATIC RF685R: All versions prior to v4.0.1
  • SIMATIC S7-1200 CPU family (incl. SIPLUS variants): All versions
  • SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants): All versions
  • SIMATIC S7-1500 Software Controller (incl. F): All versions
  • SIMATIC S7-PLCSIM Advanced: All versions
  • SIMATIC STEP 7 (TIA Portal): All versions
  • SIMATIC STEP 7 V5.X: All versions
  • SIMATIC WinCC (TIA Portal): All versions
  • SINAUT Software ST7sc: All versions
  • SINAUT ST7CC: All versions
  • SINEC INS: All versions
  • SINEC NMS: All versions
  • SINEMA Remote Connect Server: All versions prior to v3.1
  • SIPLUS ET 200SP CP 1543SP-1 ISEC: All versions
  • SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL: All versions
  • SIPLUS NET CP 343-1 Advanced: All versions
  • SIPLUS NET CP 443-1 Advanced: All versions
  • SIPLUS NET CP 1242-7 v2: All versions
  • SIPLUS NET CP 1543-1: All versions
  • SIPLUS S7-1200 CP 1243-1: All versions
  • SIPLUS S7-1200 CP 1243-1 RAIL: All versions
  • SIPLUS TIM 1531 IRC: All versions
  • TeleControl Server Basic v3: All versions
  • TIA Administrator: All versions
  • TIA Portal Cloud: All versions
  • TIA Portal v15: All versions
  • TIA Portal v16: All versions
  • TIA Portal v17: All versions
  • TIM 1531 IRC: All versions

3.2 VULNERABILITY OVERVIEW

3.2.1    LOOP WITH UNREACHABLE EXIT CONDITION ('INFINITE LOOP') CWE-835

An attacker can trigger an infinite loop by crafting a certificate that has invalid explicit curve parameters, which could result in a denial-of-service condition.

CVE-2022-0778 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
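
The certificate property named in 3.2.1 can be screened for at points where certificates are accepted from untrusted peers. The following Python is an added example, not part of the CISA or Siemens advisory: it walks a DER-encoded certificate and reports whether each EC public key names its curve by OID or carries explicit parameters. The function names and the sample byte strings are constructed for illustration.

```python
# Added example (not from the advisory): report how each EC public key in a
# DER-encoded certificate specifies its curve.
ID_EC_PUBLIC_KEY = bytes.fromhex("2a8648ce3d0201")   # OID 1.2.840.10045.2.1
PARAM_FORMS = {0x06: "named", 0x30: "explicit", 0x05: "implicit"}

def read_tlv(buf, pos, end):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    if pos + 2 > end:
        raise ValueError("truncated DER header")
    tag, first = buf[pos], buf[pos + 1]
    if tag & 0x1F == 0x1F:
        raise ValueError("multi-byte tags are not expected in certificates")
    pos += 2
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > end:
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > end:
        raise ValueError("DER element runs past its container")
    return tag, pos, pos + length

def ec_parameter_forms(der, start=0, end=None, depth=0):
    """Walk the DER tree; list the parameter form after each id-ecPublicKey."""
    end = len(der) if end is None else end
    if depth > 32:
        raise ValueError("DER nesting too deep")
    forms, pos, after_ec_oid = [], start, False
    while pos < end:
        tag, vs, ve = read_tlv(der, pos, end)
        if after_ec_oid:                    # element right after the key-type OID
            forms.append(PARAM_FORMS.get(tag, "unknown"))
        after_ec_oid = tag == 0x06 and der[vs:ve] == ID_EC_PUBLIC_KEY
        if tag & 0x20:                      # constructed: descend into children
            forms += ec_parameter_forms(der, vs, ve, depth + 1)
        pos = ve
    return forms

def uses_explicit_curve(der):
    return "explicit" in ec_parameter_forms(der)

def tlv(tag, body):                         # helper for the constructed samples
    return bytes([tag, len(body)]) + body

# Constructed SubjectPublicKeyInfo stubs; key bits and parameters are placeholders.
EC_OID = tlv(0x06, ID_EC_PUBLIC_KEY)
KEY = tlv(0x03, b"\x00\x04")
NAMED = tlv(0x30, tlv(0x30, EC_OID + tlv(0x06, bytes.fromhex("2a8648ce3d030107"))) + KEY)
EXPLICIT = tlv(0x30, tlv(0x30, EC_OID + tlv(0x30, tlv(0x02, b"\x01"))) + KEY)
```

For a PEM file, base64-decode the body to DER before calling `uses_explicit_curve`. The check is a screening aid for certificate intake and does not replace the updates listed under Mitigations.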

3.3 BACKGROUND

  • CRITICAL INFRASTRUCTURE SECTORS: Multiple sectors
  • COUNTRIES/AREAS DEPLOYED: Worldwide
  • COMPANY HEADQUARTERS LOCATION: Germany

3.4 RESEARCHER

Siemens reported this vulnerability to CISA.

4. MITIGATIONS

Siemens has released updates for several affected products and recommends updating to the latest versions available. Siemens is preparing further updates and recommends countermeasures for products where updates are not yet available or will not be developed. Please see Siemens SSA-712929 to determine if there is an update available.

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens’ operational guidelines for industrial security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage.

For more information, see Siemens Security Advisory SSA-712929.

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on cisa.gov/ics in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.

No known public exploits specifically target this vulnerability.


Contact Information

For any questions related to this report, please contact CISA at:

Email: CISAservicedesk@cisa.dhs.gov
Toll Free: 1-888-282-0870

For industrial control systems cybersecurity information: https://us-cert.cisa.gov/ics
or incident reporting: https://us-cert.cisa.gov/report
