ICS-CERT: Siemens Tecnomatix FactoryLink ActiveX

Thursday, January 05, 2012

ICS-CERT originally released Advisory ICSA-11-343-01P on the US-CERT secure portal on December 09, 2011. This web page release was delayed to allow users time to download and install the update.

Researcher Kuang-Chun Hung of Taiwan’s Information and Communication Security Technology Center (ICST) has identified two vulnerabilities affecting ActiveX components in the Siemens Tecnomatix FactoryLink application. The report included buffer overflow and data corruption vulnerabilities.

ICS-CERT has coordinated with Siemens; Siemens has released a patch that addresses the identified vulnerabilities. ICS-CERT has confirmed that the Siemens patch resolves the reported vulnerabilities.

The following Siemens Tecnomatix FactoryLink versions are affected:

• V8.0.2.54
• V7.5.217 (V7.5 SP2)
• V6.6.1 (V6.6 SP1)

Successful exploitation of the reported vulnerabilities could allow an attacker to perform malicious activities including denial of service and arbitrary code execution.

Siemens Tecnomatix FactoryLink software is used for monitoring and controlling industrial processes. FactoryLink is used to build applications such as human-machine interface systems.

FactoryLink is implemented across a variety of industrial processes including oil and gas, chemicals, food and beverage, and building automation. Siemens has announced that FactoryLink is now considered a mature product and will not offer FactoryLink after December 2012.

BUFFER OVERFLOW VULNERABILITY OVERVIEW

This vulnerability is exploited by inputting a long string to a specific parameter, causing a buffer overflow that could allow the execution of arbitrary code. CVE-2011-4055 has been assigned to this vulnerability. Siemens' assessment of the vulnerability using the CVSS Version 2.0 calculator rates an Overall CVSS Score of 7.7.

This vulnerability is remotely exploitable. No publicly known exploits specifically target this vulnerability.

An attacker with moderate skill level could exploit this vulnerability. Social engineering is required to convince the user to go to a manipulated website, which decreases the likelihood of a successful exploit.

DATA CORRUPTION VULNERABILITY OVERVIEW

This vulnerability is exploited by inputting arbitrary data, causing a file save to any specified location on the target system. CVE-2011-4056 has been assigned to this vulnerability. Siemens' assessment of the vulnerability using the CVSS Version 2.0 calculator rates an Overall CVSS Score of 7.7.

This vulnerability is remotely exploitable. Social engineering may be required to execute a remote exploit via a manipulated file or web page. No publicly known exploits specifically target this vulnerability. An attacker with moderate skill level could exploit the vulnerabilities.

MITIGATION

Siemens has released a patch to its customers to address these vulnerabilities. Customers of vulnerable versions of Siemens Tecnomatix FactoryLink should deploy the Siemens patch available at: http://www.usdata.com/sea/factorylink/en/p_nav5.asp.

For more information, please see Siemens’ Security Advisory announcement available at: http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/Siemens_Security_Advisory_SSA-850510.pdf.

In addition to the patch released by Siemens, Microsoft has released a kill bit to address the ActiveX vulnerabilities. Customers of vulnerable versions of Siemens Tecnomatix FactoryLink should install the Microsoft update referenced in the Microsoft Security Advisory 2562937: http://technet.microsoft.com/en-us/security/advisory/2562937.
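A kill bit works by setting the 0x400 flag in the control's "Compatibility Flags" registry value, which stops Internet Explorer from instantiating that CLSID. The following PowerShell check, added here as an example and not part of the ICS-CERT advisory or any Siemens or Microsoft material, reads that value for a given CLSID so an administrator can verify the update took effect; the CLSID shown is a placeholder, since the advisory text above does not list the FactoryLink control's CLSID.

```powershell
# Added example: verify the ActiveX kill bit for a given CLSID in both the native
# registry view and the 32-bit (Wow6432Node) view on 64-bit Windows.
function Test-ActiveXKillBit {
    param(
        [Parameter(Mandatory = $true)]
        [string]$Clsid   # GUID in braces, e.g. '{00000000-0000-0000-0000-000000000000}'
    )

    $KillBitFlag = 0x400   # Kill bit in the "Compatibility Flags" DWORD

    $Paths = @(
        "HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid",
        "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid"
    )

    $Found = $false
    foreach ($Path in $Paths) {
        if (-not (Test-Path -LiteralPath $Path)) { continue }
        $Found = $true
        $Flags = (Get-ItemProperty -LiteralPath $Path -Name 'Compatibility Flags' `
                    -ErrorAction SilentlyContinue).'Compatibility Flags'
        [PSCustomObject]@{
            Clsid   = $Clsid
            Key     = $Path
            Flags   = ('0x{0:X}' -f [int]$Flags)
            KillBit = [bool]([int]$Flags -band $KillBitFlag)   # $true = control is blocked
        }
    }

    if (-not $Found) {
        Write-Warning "No ActiveX Compatibility entry for $Clsid; the kill bit is NOT set."
    }
}

# Placeholder CLSID (assumption): replace with the FactoryLink control's CLSID
# from the vendor patch documentation before running.
Test-ActiveXKillBit -Clsid '{PLACEHOLDER-CLSID}' | Format-Table -AutoSize
```

A `KillBit` of `True` in either view means Internet Explorer will refuse to load that control regardless of whether the vulnerable DLL is still installed; the Siemens patch is still needed to fix the component itself.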

The full ICS-CERT advisory can be found here:

Source:  http://www.us-cert.gov/control_systems/pdf/ICSA-11-343-01.pdf
