Siemens informed customers that the SPPA-T3000 Application Server is affected by 19 vulnerabilities and the SPAA-T3000 MS3000 Migration Server is impacted by 35 security issues.
Some of the vulnerabilities have been rated as critical and could be exploited by attackers to trigger a denial-of-service (DoS) condition or to execute arbitrary code on the server.
Siemens pointed out that in order to exploit the vulnerabilities, an attacker requires access to the Application Highway or the Automation Highway.
“SPPA-T3000 Application Server and MS3000 Migration Server are affected by multiple vulnerabilities. Some of the vulnerabilities can allow an attacker to execute arbitrary code on the server.” reads the security advisory published by Siemens.”Exploitation of the vulnerabilities described in this advisory requires access to either Application- or Automation Highway. Both highways should not be exposed if the environment has been set up according to the recommended system configuration in the Siemens SPPA-T3000 security manual.”
Most of the vulnerabilities were reported by researchers at Kaspersky and Positive Technologies in October 2018 and December 2018, other issues were discovered by an expert from Turkish firm Biznet Bilişim.
“By exploiting some of these vulnerabilities, an attacker could run arbitrary code on an application server, which is one of the key components of the SPPA-T3000 distributed control system. Attackers can thereby take control of operations and disrupt them. This could stop electrical generation and cause malfunctions at power plants where vulnerable systems are installed.” said Vladimir Nazarov, Head of ICS Security at Positive Technologies.
Waiting for a fix from Siemens, customers should implement a series of mitigations:
Siemens said that it is not aware of attacks in the wild that exploited one of these flaws.