Tuesday, June 9, 2020

Vulnerability Spotlight: Multiple vulnerabilities in Siemens LOGO! PLC


Alexander Perez-Palma of Cisco Talos and Emanuel Almeida of Cisco Systems discovered these vulnerabilities. Blog by Jon Munshaw.

Cisco researchers recently discovered several vulnerabilities in the Siemens LOGO! PLC. The LOGO! allows users to control various automation projects, such as industrial control systems and other commercial and home settings. The product contains several vulnerabilities that an adversary could use to carry out a variety of malicious activities.

In accordance with our coordinated disclosure policy, Cisco Talos worked with Siemens to ensure that these issues are resolved and that an update is available for affected customers.

Vulnerability details

Siemens LOGO! TDE service "NFSAccess" delete denial-of-service vulnerability (TALOS-2020-1024/CVE-2020-7589)

An exploitable denial-of-service vulnerability exists in the TDE service functionality of Siemens LOGO! 1.82.02, 12/24RCE Version 0BA and 230RCE Version 0BA. A specially crafted network request can be used to delete critical system data, resulting in a denial of service. An attacker can send an unauthenticated packet to trigger this vulnerability.

Read the complete vulnerability advisory here for additional information.

Siemens LOGO! TDE service "DELETEPROG" denial-of-service vulnerability (TALOS-2020-1025/CVE-2020-7589)

An exploitable denial-of-service vulnerability exists in the TDE service functionality of Siemens LOGO! 1.82.02, 12/24RCE Version 0BA and 230RCE Version 0BA. A specially crafted network request can cause information to be erased, resulting in a denial of service. An attacker can send an unauthenticated packet to trigger this vulnerability.

Read the complete vulnerability advisory here for additional information.

Siemens LOGO! TDE service "NFSAccess" upload file write vulnerability (TALOS-2020-1026/CVE-2020-7589)

An exploitable file write vulnerability exists in the TDE service functionality of Siemens LOGO! 1.82.02, 12/24RCE Version 0BA and 230RCE Version 0BA. A specially crafted network request can upload or overwrite file content to the local SD card. An attacker can send a sequence of malicious packets to trigger this vulnerability.

Read the complete vulnerability advisory here for additional information.

Versions tested

Talos tested and confirmed that these vulnerabilities affect the Siemens LOGO! 1.82.02, the LOGO! 12/24RCE, version 0BA and the LOGO! 230RCE, version 0BA.

Coverage

The following SNORT® rules will detect exploitation attempts. Note that additional rules may be released at a future date and current rules are subject to change pending additional vulnerability information. For the most current rule information, please refer to your Firepower Management Center or Snort.org.

Snort Rules: 53441 - 53445, 53484
