Siemens is warning of the presence of six vulnerabilities in some of its SICLOCK central plant clocks that used to synchronize time in industrial environments.
“In the event of failure or loss of reception from the primary time source, the central plant clock ensures stable continuation of the clock time, and tracking of the system time without time jumps as soon as reception is restored.” reads the Siemens official website.
The vulnerabilities have been assigned the CVE identifiers CVE-2018-4851 through CVE-2018-4856, three of them have been classified as critical.
“SICLOCK TC devices are affected by multiple vulnerabilities that could allow an attacker to cause Denial-of-Service conditions, bypass the authentication, and modify the firmware of the device or the administrative client.” reads the security advisory.
One of the critical vulnerabilities tracked as CVE-2018-4851 could be exploited by attackers with access to the network to cause the targeted device to enter a denial-of-service (DoS) condition and potentially reboot by sending it specially crafted packets.
The successful exploitation of this flaw doesn’t require user interaction.
“An attacker with network access to the device, could cause a Denial-of-Service condition by sending certain packets to the device, causing potential reboots of the device.” reads the security advisory.
“The core functionality of the device could be impacted. The time serving functionality recovers when time synchronization with GPS devices or other NTP servers are completed. The vulnerability could impact the availability of the device, and could impact the integrity of the time service functionality of the device.”
The second critical vulnerability, tracked as CVE-2018-4853, can be exploited by an attacker with access to UDP port 69 to modify the firmware on a vulnerable device.
The flaw could be exploited by an attacker to run his own code on the SICLOCK device.
The third critical issue tracked as CVE-2018-4854 can be exploited by an attacker with access to UDP port 69 to modify the administrative client stored on the device.
“An attacker with network access to port 69/udp could modify the administrative client stored on the device.” continues the advisory.
“If a legitimate user downloads and executes the modified client from the affected device, then he could obtain code execution on the client system.”
Siemens also reported a high severity vulnerability that could be exploited by a network attacker to bypass authentication.
The other issues discovered by Siemens are a medium severity flaw that could be exploited to launch a man-in-the-middle (MitM) attack and intercept unencrypted passwords stored in client configuration files, and a low severity flaw that can be exploited by an attacker with admin access to the management interface to lock out legitimate users.
Siemens says it’s not aware of any instances where these flaws have been exploited for malicious purposes.
The flaws impacted the SICLOCK TC100 and SICLOCK TC400.
Siemens did not release firmware updates for the products because they are in phase out, the industrial giant only provided workarounds and mitigations to mitigate the risk of attacks.
(Security Affairs – SICLOCK, Central Plant Clocks)